Lucene search
K

31 matches found

SUSE CVE
SUSE CVE
added 2025/05/21 12:51 a.m.5 views

SUSE CVE-2025-3931

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

7.8CVSS6.7AI score0.00152EPSS
Exploits0References3
CVE
CVE
added 2025/05/14 11:54 a.m.94 views

CVE-2025-3931

Yggdrasil (the system daemon that uses a D-Bus message broker to route data to worker processes) has a local privilege escalation flaw (CVE‑2025‑3931) due to missing authentication/authorization when dispatching messages to workers. An attacker with local system access could leverage this unprote...

7.8CVSS7.6AI score0.00152EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/14 11:52 a.m.3 views

yggdrasil: Local privilege escalation in yggdrasil

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

7.8CVSS5.8AI score0.00152EPSS
Exploits0References5
Prion
Prion
added 2022/08/18 5:15 a.m.16 views

Design/Logic Flaw

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk parameter in the update request being transmitted to the operating system's package manager...

5CVSS7.5AI score0.00626EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.6 views

HestiaCP 安全漏洞

HestiaCP is a lightweight and powerful control panel for modern networks. A security vulnerability exists in HestiaCP versions prior to v1.3.5, which stems from the value obtained from the pgk parameter in an update request being transmitted to the operating system's package manager, allowing an...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References3
NVD
NVD
added 2020/03/16 10:15 p.m.30 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

8.1CVSS8AI score0.01588EPSS
Exploits3References4
CVE
CVE
added 2020/03/16 9:5 p.m.89 views

CVE-2020-7982

OpenWrt/OpenWrt-derived builds are affected by CVE-2020-7982. A bug in the opkg package manager fork (before 2020-01-25) misparses embedded checksums in the signed repository index, enabling a man-in-the-middle attacker to inject arbitrary package payloads that are installed without verification....

8.1CVSS7.9AI score0.01588EPSS
Exploits3References4Affected Software2
CNVD
CNVD
added 2018/06/19 12:0 a.m.4 views

SUSE open build service file upload vulnerability

SUSE open build service OBS is a software distribution system. It enables building and distributing software packages from source code in an automated, consistent and repeatable manner. A security vulnerability exists in SUSE OBS. A remote attacker could exploit this vulnerability to upload...

9.8CVSS8.1AI score0.0155EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/07/21 12:0 a.m.6 views

The vulnerability of the Ubuntu operating system, which allows a hacker to load and execute arbitrary installation packages

The vulnerability of the Ubuntu operating system’s unattended upgrades is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary installation packages when the force-control and force-confnew options are...

6.8CVSS5.7AI score0.01435EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2004/11/23 12:0 a.m.59 views

iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability

Sun Java Plugin Arbitrary Package Access Vulnerability iDEFENSE Security Advisory 11.22.04 www.idefense.com/application/poi/display?id=158&type=vulnerabilities November 22, 2004 I. BACKGROUND Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE,...

9.3CVSS0.2AI score0.17018EPSS
Exploits0
exploitpack
exploitpack
added 2002/07/08 12:0 a.m.24 views

Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation

Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation source: https://www.securityfocus.com/bid/5176/info A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without...

0.3AI score
Exploits0
Rows per page
Query Builder