8 matches found
Security update for kea
This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Insecure file permissions can...
Oracle Linux 10 : kea (ELSA-2025-9178)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-9178 advisory. - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
Fedora: Security Advisory (FEDORA-2025-dc6ec0a8e2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2025-32801
creationtimestamp| type| source ---|---|--- 2025-05-28 14:42:56+00:00| seen| https://seclists.org/oss-sec/2025/q2/176 2025-05-28 15:24:20+00:00| seen| https://seclists.org/oss-sec/2025/q2/177 2025-05-28 16:15:52+00:00| seen| https://seclists.org/oss-sec/2025/q2/178 2025-05-28 16:25:37+00:00| seen...
CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...