81 matches found
SUSE-SU-2021:0563-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 - Add sudo to requires: used to drop privileges...
SUSE-SU-2021:0545-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to version 13.2: - Updating stored views and reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. - CVE-2021-20229, bsc1182039: Fix failu...
net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution
A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
Apple macOS Catalina Privilege Permission and Access Control Issues Vulnerability
Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Catalina versions prior to 10.15, which stems from a malicious application that may be able to access restricted files. No details of the vulnerability...
Android Privilege Permission and Access Control Issues Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A vulnerability exists in the Android-11 version with privilege permission and access control issues. An attacker can exploit the vulnerability to cause local information about wireless data to b...
The vulnerability of the pg_ctlcluster script in the postgresql-common package involves insecure privilege management. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the pgctlcluster script in the postgresql-common package is related to an access rights rollback error during the creation of temporary directories for sockets/stats. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrit...
McAfee Endpoint Security Privilege Permission and Access Control Issues Vulnerability
McAfee Endpoint Security ENS is the United States McAfee McAfee company's set of framework for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle of real-time communications control and actionable threat forensics and so on....
Bitdefender Antivirus for Mac Permission License and Access Control Issues Vulnerability (CNVD-2020-52440)
SOFTWIN BitDefender Antivirus is a suite of antivirus programs from the Romanian company SOFTWIN. A vulnerability exists in BDLDaemon in versions prior to Bitdefender Antivirus for Mac 8.0.0 with privilege permission and access control issues. The vulnerability stems from a lack of effective...
Linux Administrative Tools for Intel Network Adapters Privilege Permission and Access Control Issues Vulnerability
Linux Administrative Tools for Intel Network Adapters is a Linux-based administrative tool for Intel network adapters from Intel. A vulnerability exists in Linux Administrative Tools for Intel Network Adapters prior to version 24.3 for privilege permission and access control issues. The...
Google Chrome Permissions License and Access Control Issues Vulnerability (CNVD-2019-38243)
Google Chrome is a web browser from Google, an American company. A vulnerability exists in Google Chrome prior to version 78.0.3904.70 with privilege permission and access control issues. A remote attacker can exploit this vulnerability to bypass the CSP protection mechanism and perform...
WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...
Zoho ManageEngine OpManager Permission License and Access Control Issues Vulnerability
Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software from Zoho. A vulnerability exists in Zoho ManageEngine OpManager due to privilege permission and access control issues. An attacker could use this vulnerability to execute commands on the server...
Rancher Labs Rancher Privilege Permission and Access Control Issues Vulnerability (CNVD-2019-43042)
Rancher Labs Rancher is the United States Rancher Labs, Inc. of a set of open source enterprise-class container management platform. A vulnerability exists in Rancher Labs Rancher with privilege permission and access control issues. An attacker can exploit this vulnerability to gain administrator...
Intel Quartus Software Privilege License and Access Control Issues Vulnerability
Intel Quartus Software is a suite of software for hardware programming from the American company Intel Intel. A vulnerability exists in Intel Quartus Software due to a privilege license and access control issue. The vulnerability arises from a lack of effective privilege permission and access...
Synology SSL VPN Client Privilege Permission and Access Control Issues Vulnerability
Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from Synology, Taiwan, China. A vulnerability exists in Synology SSL VPN Client with privilege permission and access control issues. An attacker can exploit this vulnerability to conduct a man-in-the-middle...
Synology Router Manager Privilege Permission and Access Control Issues Vulnerability
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A vulnerability exists in Synology Router Manager with privilege permission and access control issues. An attacker could exploit this vulnerability to obtain sensitive...
PT-2018-2000 · Kubernetes · Minikube
Name of the Vulnerable Software and Affected Versions: minikube versions 0.3.0 through 0.29.0 Description: The issue is related to privilege management errors in the minikube command-line utility. It allows a remote attacker to execute arbitrary code. In certain VM environments where the IP is ea...
SUSE-SU-2015:1511-1 Security update for libgcrypt
This update fixes the following issues: Security: Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical bsc920057 Bugfixes: don't drop privileges when locking secure memory bsc938343...
FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)
PostgreSQL Project reports : This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN...
OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX...