CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pamfprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pamfprintd.so ...

GHSA-5CJR-78CQ-3WRG Improper account password reset in Craft CMS

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must...

SUSE-SU-2018:3686-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration ...

SUSE-SU-2018:1832-1 Security update for unixODBC

This update for unixODBC to version 2.3.6 fixes the following issues: - CVE-2018-7409: Buffer overflow in unicodetoansicopy was fixed in 2.3.5 bsc1082290 - CVE-2018-7485: Swapped arguments in SQLWriteFileDSN in odbcinst/SQLWriteFileDSN.c bsc1082484 Other fixes: - Enabled --enable-fastvalidate...

DSA-2452-1 apache2 - insecure default configuration

Bulletin has no description...