41 matches found
USN-7912-2: CUPS vulnerability
USN-7912-1 fixed vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled clients that send messages slowly. A remote...
EUVD-2008-3445
Malware in sbrugna...
EUVD-2024-22943
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-32801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points...
SUSE CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2024-25622 H2O ignores headers configuration directives
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
CVE-2024-25622 H2O ignores headers configuration directives
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
CVE-2024-25622
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
EulerOS 2.0 SP8 : subscription-manager (EulerOS-SA-2024-1302)
According to the versions of the subscription-manager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu...
CentOS 7 : subscription-manager (RHSA-2023:4701)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...
K000137798: Dbus Subscription Manager vulnerability CVE-2023-3899
Security Advisory Description A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By usi...
CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
[SECURITY] [DSA 5477-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5477-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 14, 2023 https://www.debian.org/security/faq -...
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted 1 lladdr and 2 iproute configuration directives, probably related to shell metacharacters...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Multiple Vulnerabilities (NS-SA-2019-0029)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by multiple vulnerabilities: - A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by...
EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)
According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause...
Denial Of Service (DoS)
Network Time Protocol NTP is vulnerable to denial of service DOS attacks. This occurs in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message...
Privilege Escalation
xinetd is vulnerable to privilege escalation attacks. The vulnerability exists as xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging anothe...
UBUNTU-CVE-2018-18249
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=$PATH$APACHERUNDIR$APACHERUNUSER parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet...