22 matches found

SUSE Linux
added 2026/05/18 7:43 a.m. · 6 views

Security update for PackageKit

This update for PackageKit fixes the following issue: CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220. Special Instructions and Notes: Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

CVSS 9.3 · AI score 5.9 · EPSS 0.00153
Exploits 10 · References 4
OSV
added 2025/11/26 4:15 p.m. · 1 view

CVE-2025-45311

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 4
Vulnrichment
added 2025/11/26 12:0 a.m. · 1 view

CVE-2025-45311

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is...

AI score 6.7 · EPSS 0.00095
Exploits 0 · References 3
RedhatCVE
added 2025/09/26 4:51 p.m. · 5 views

CVE-2025-20333

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper...

CVSS 9.9 · AI score 7.7 · EPSS 0.29794
Exploits 1 · References 1
CVE
added 2025/08/14 4:31 p.m. · 17 views

CVE-2025-20306

Cisco Secure Firewall Management Center (FMC) CMD injection vulnerability (CVE-2025-20306) affects the web-based management interface. An authenticated administrator can exploit insufficient input validation of HTTP request parameters to execute arbitrary commands as root on the underlying OS. Ex...

CVSS 4.9 · AI score 7.9 · EPSS 0.00021
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/05/16 7:15 p.m. · 0 views

CVE-2023-30504

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...

CVSS 8.8 · AI score 7.6
Exploits 0 · References 1
Positive Technologies
added 2023/05/16 12:0 a.m. · 2 views

PT-2023-2910 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: Vulnerabilities exist in the command line interface of Aruba EdgeConnect Enterprise that allow remote authenticated users to run arbitrary commands on the underlying...

CVSS 8.8 · AI score 7.8 · EPSS 0.00395
Exploits 0 · References 10
OSV
added 2022/07/22 4:15 a.m. · 0 views

CVE-2022-20901

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 7.2 · AI score 6.2
Exploits 0 · References 1
ATTACKERKB
added 2022/07/20 4:0 p.m. · 1 view

CVE-2022-20904

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 7.2 · AI score 7.5 · EPSS 0.0058
Exploits 0 · References 2
NVD
added 2020/09/01 12:15 a.m. · 11 views

CVE-2020-15704

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2,...

CVSS 5.5 · AI score 5.3 · EPSS 0.00105
Exploits 0 · References 2
UbuntuCve
added 2020/08/04 5:0 p.m. · 17 views

CVE-2020-15704

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2,...

CVSS 5.5 · AI score 6.2 · EPSS 0.00105
Exploits 0 · References 3
CNVD
added 2017/11/24 12:0 a.m. · 1 view

Command Execution Vulnerability in the pelco Sarix Enhanced Dot1xSetupController.php File

pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is caused due to the program failing to properly perform validity checks when processing user-submitted data, allowing an attacker who has been...

AI score 7.8
Exploits 0
OSV
added 2017/04/28 7:59 p.m. · 0 views

CVE-2016-8585

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 3
OSV
added 2017/04/20 10:59 p.m. · 1 view

CVE-2017-6619

A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC 3.01c could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP inpu...

CVSS 8.8 · AI score 6.1 · EPSS 0.00846
Exploits 0 · References 2
OSV
added 2016/08/08 1:59 a.m. · 0 views

CVE-2016-2875

IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors...

CVSS 8.8 · AI score 6 · EPSS 0.01224
Exploits 0 · References 2
Exploit DB
added 2015/01/25 12:0 a.m. · 51 views

OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OP5 license.php Remote Command Execution', 'Description' = %q This module exploits an arbitrary root command execution...

CVSS 10 · AI score 7.4 · EPSS 0.87193
Exploits 7
Exploit DB
added 2015/01/05 12:0 a.m. · 33 views

OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OP5 welcome Remote Command Execution', 'Description' = %q This module exploits an arbitrary root command execution vulnerabilit...

CVSS 10 · AI score 7.4 · EPSS 0.89998
Exploits 4
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

mount.cifs chdir() Arbitrary root File Identification

No description provided by source...

AI score 7.1
Exploits 0
Cvelist
added 2012/08/08 10:0 a.m. · 31 views

CVE-2012-2203

IBM Global Security Kit aka GSKit before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS 12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via...

AI score 6.2 · EPSS 0.00962
Exploits 0 · References 6
Packet Storm
added 2012/01/11 12:0 a.m. · 43 views

OP5 welcome Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'OP5 welcome Remot...

CVSS 10 · AI score 6.6 · EPSS 0.89998
Exploits 4