TOTOLINK CP450 安全漏洞

TOTOLINK CP450 is an outdoor wireless customer terminal device developed by TOTOLINK Corporation. It is primarily used to provide wireless broadband access services, especially suitable for wireless network coverage in rural or remote areas. The TOTOLINK CP450 version 4.1.0cu.747 contains a...

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

CVE-2026-29518

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

PT-2026-39728

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

OPENSUSE-SU-2026:20262-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - Enable SELinux in default daemon.json config --selinux-enabled. This has no practical impact on non-SELinux systems bsc1252290. - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up...

CVE-2026-0966

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVE-2025-8453

CVE-2025-8453 describes a CWE-269 vulnerability in Schneider Electric Saitel DR RTU (and related RTU products) where a privileged engineer with console access can modify a configuration file used by a root‑level daemon to execute scripts, enabling privilege escalation and potential arbitrary code...

OPENSUSE-SU-2019:1506-1 Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork

This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability bsc1121967. - CVE-2019-6486: go security release, fixing crypto/elliptic CPU...

CVE-2018-3963

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands...

docker-engine security update

1.8.3-1.0.1 - Enable configuration of Docker daemon via sysconfig orabug 21804877 - Add documentation files to binary RPM 1.8.3 - Fix layer IDs lead to local graph poisoning CVE-2014-8178 - Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass CVE-2014-8179 - Add...

Raidsonic NAS Devices Unauthenticated Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Raidsonic NAS Devices Unauthenticated Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Raidsonic NAS Devices Unauthenticated...

Дырка в snmpd под HPUX

Конфигурационный файл открыт на запись...

ecurity Advisory: FreeBSD-SA-00:21.ssh [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:21 Security Advisory FreeBSD, Inc. Topic: ssh port listens on extra network port REVISED Category: ports Module: ssh Announced: 2000-06-07 Credits: Jan Koum [email protected]...

LCDproc Detection

LCDproc is a client/server suite which contains drivers for LCD devices. The remote service can be used to display messages on the LCD display attached to the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; ifdescription...