31 matches found
SUSE CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
CVE-2025-3931
Yggdrasil (the system daemon that uses a D-Bus message broker to route data to worker processes) has a local privilege escalation flaw (CVE‑2025‑3931) due to missing authentication/authorization when dispatching messages to workers. An attacker with local system access could leverage this unprote...
yggdrasil: Local privilege escalation in yggdrasil
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
Design/Logic Flaw
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk parameter in the update request being transmitted to the operating system's package manager...
HestiaCP 安全漏洞
HestiaCP is a lightweight and powerful control panel for modern networks. A security vulnerability exists in HestiaCP versions prior to v1.3.5, which stems from the value obtained from the pgk parameter in an update request being transmitted to the operating system's package manager, allowing an...
CVE-2020-7982
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...
CVE-2020-7982
OpenWrt/OpenWrt-derived builds are affected by CVE-2020-7982. A bug in the opkg package manager fork (before 2020-01-25) misparses embedded checksums in the signed repository index, enabling a man-in-the-middle attacker to inject arbitrary package payloads that are installed without verification....
SUSE open build service file upload vulnerability
SUSE open build service OBS is a software distribution system. It enables building and distributing software packages from source code in an automated, consistent and repeatable manner. A security vulnerability exists in SUSE OBS. A remote attacker could exploit this vulnerability to upload...
The vulnerability of the Ubuntu operating system, which allows a hacker to load and execute arbitrary installation packages
The vulnerability of the Ubuntu operating system’s unattended upgrades is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary installation packages when the force-control and force-confnew options are...
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability
Sun Java Plugin Arbitrary Package Access Vulnerability iDEFENSE Security Advisory 11.22.04 www.idefense.com/application/poi/display?id=158&type=vulnerabilities November 22, 2004 I. BACKGROUND Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE,...
Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation
Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation source: https://www.securityfocus.com/bid/5176/info A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without...