59 matches found

Github Security Blog
added 2026/04/10 9:0 p.m. · 5 views

Juju: CloudSpec method leaking cloud credentials

Impact: If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...

9.9 CVSS · 5.6 AI score · 0.00012 EPSS
Exploits 1 · References 5 · Affected Software 1
EUVD
added 2026/03/27 9:31 a.m. · 1 views

EUVD-2026-16565

Doveadm credentials are verified using direct comparison, which is susceptible to a timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead to full access to the affected component. Limit access to the doveadm http service port,...

7.4 CVSS · 5.9 AI score · 0.00029 EPSS
Exploits 1 · References 2
CVE
added 2026/03/27 8:10 a.m. · 10 views

CVE-2025-59032

CVE-2025-59032 affects ManageSieve: the AUTHENTICATE command crashes when a literal is used as the SASL initial response, potentially making the ManageSieve service unavailable for other users. Practical impact is availability denial of the service. Remediation provided in the entry is to upgrade...

7.5 CVSS · 5.9 AI score · 0.00068 EPSS
Exploits 1 · References 1 · Affected Software 2
Positive Technologies
added 2026/01/01 12:0 a.m. · 1 views

PT-2026-28364

Name of the Vulnerable Software and Affected Versions: Doveadm affected versions not specified Description: Doveadm credentials are verified using direct comparison, which is susceptible to a timing oracle attack. An attacker could potentially determine the configured credentials, leading to full...

7.7 CVSS · 5.9 AI score · 0.0009 EPSS
Exploits 7 · References 31
SUSE Linux
added 2025/11/05 4:15 p.m. · 2 views

Security update for kernel-livepatch-MICRO-6-0_Update_7

This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues: CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg bsc#1248631 CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY bsc#1249207 CVE-2025-38617: net/packet: fix a race in packet_set_ring and...

7.3 CVSS · 7.9 AI score · 0.00046 EPSS
Exploits 0 · References 12
OSV
added 2025/11/04 7:4 a.m. · 3 views

SUSE-SU-2025:3927-1 Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002338 fixes several issues. The following security issues were fixed: - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg bsc#1248631. - CVE-2025-38617: net/packet: fix a race in packet_set_ring and packet_notifier bsc#1249208. -...

7.8 CVSS · 7.7 AI score · 0.00046 EPSS
Exploits 0 · References 7
OSV
added 2025/10/31 5:35 a.m. · 1 views

SUSE-SU-2025:3880-1 Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001023 fixes several issues. The following security issues were fixed: - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg bsc#1248631. - CVE-2025-38617: net/packet: fix a race in packet_set_ring and packet_notifier bsc#1249208. -...

7.8 CVSS · 8.8 AI score · 0.00046 EPSS
Exploits 0 · References 9
Positive Technologies
added 2025/05/13 12:0 a.m. · 3 views

PT-2025-23067

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 Description: The issue allows an unauthorized remote attacker to view application information by navigating to a hosted webpage, if Windows is configured to accept incoming connections to...

3.7 CVSS · 6.3 AI score · 0.00196 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16826 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.0004 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16822 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.00078 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/04/16 12:0 a.m. · 3 views

PT-2025-16866 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.00045 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16830 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.00034 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16841 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.0004 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/04/16 12:0 a.m. · 3 views

PT-2025-16862 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.00045 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16847 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.00034 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/16 12:0 a.m. · 2 views

PT-2025-16869 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used ExportCertificate method. This could allow an authenticated remote...

9 CVSS · 7.4 AI score · 0.00039 EPSS
Exploits 0 · References 8
Positive Technologies
added 2025/04/16 12:0 a.m. · 5 views

PT-2025-16831 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.0004 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/16 12:0 a.m. · 5 views

PT-2025-16823 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

9 CVSS · 7.5 AI score · 0.0004 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/03/19 12:0 a.m. · 3 views

PT-2025-16821 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateOpcSettings method. This could allow an authenticated remote...

9 CVSS · 7.4 AI score · 0.00078 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/03/19 12:0 a.m. · 3 views

PT-2025-16817 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateSmtpSettings method. This could allow an authenticated remote...

9 CVSS · 7.4 AI score · 0.00078 EPSS
Exploits 0 · References 6