Lucene search
+L

8 matches found

suse
suse
added 2026/03/17 4:32 p.m.6 views

Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Insecure file permissions can...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References8
nessus
nessus
added 2025/06/27 12:0 a.m.6 views

Oracle Linux 10 : kea (ELSA-2025-9178)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-9178 advisory. - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

7.8CVSS5.6AI score0.00233EPSS
Exploits0References4
openvas
openvas
added 2025/06/20 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2025-dc6ec0a8e2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.5AI score0.00233EPSS
Exploits0References8
osv
osv
added 2025/05/28 5:15 p.m.3 views

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS7AI score0.00233EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/05/28 5:3 p.m.14 views

CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS6.9AI score0.00233EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/28 5:3 p.m.22 views

CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS0.00233EPSS
Exploits0References1
circl
circl
added 2025/05/28 2:42 p.m.13 views

CVE-2025-32801

creationtimestamp| type| source ---|---|--- 2025-05-28 14:42:56+00:00| seen| https://seclists.org/oss-sec/2025/q2/176 2025-05-28 15:24:20+00:00| seen| https://seclists.org/oss-sec/2025/q2/177 2025-05-28 16:15:52+00:00| seen| https://seclists.org/oss-sec/2025/q2/178 2025-05-28 16:25:37+00:00| seen...

7.8CVSS5.7AI score0.00233EPSS
Exploits0References17
ubuntucve
ubuntucve
added 2025/05/28 12:0 a.m.10 views

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS5.8AI score0.00233EPSS
Exploits0References3
Rows per page
Query Builder