Lucene search

88 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m. · 2 views

MiracleLinux 4 : mod_wsgi-3.2-6.AXS4 (AXSA:2014-409:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-409:01 advisory. The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter...

CVSS 7.5 · AI score 5.7 · EPSS 0.08583
Exploits 0 · References 3

RedhatCVE
added 2026/01/09 10:57 a.m. · 1 view

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · AI score 6.6 · EPSS 0.00274
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2002-0080

Malware in sbrugna...

CVSS 2.1 · AI score 6.2 · EPSS 0.00791
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2004-0978

Malware in sbrugna...

CVSS 10 · AI score 6 · EPSS 0.01578
Exploits 0 · References 10

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-3002

Malware in sbrugna...

CVSS 4.3 · AI score 6.1 · EPSS 0.01036
Exploits 1 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2006-6458

Malware in sbrugna...

CVSS 7.1 · AI score 6.4 · EPSS 0.0124
Exploits 0 · References 9

Github Security Blog
added 2025/05/06 12:42 a.m. · 15 views

Inspektor Gadget Security Policies Can be Bypassed

Security policies like allowed-gadgets, disallow-pulling, verify-image can be bypassed by a malicious client. Impact Users running ig in daemon mode or IG on Kubernetes that rely on any of the features mentioned above are vulnerable to this issue. In order to exploit this, the client needs access...

AI score 7
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/05/06 12:42 a.m. · 10 views

GHSA-PV22-FQCJ-7XWH Inspektor Gadget Security Policies Can be Bypassed

Security policies like allowed-gadgets, disallow-pulling, verify-image can be bypassed by a malicious client. Impact Users running ig in daemon mode or IG on Kubernetes that rely on any of the features mentioned above are vulnerable to this issue. In order to exploit this, the client needs access...

CVSS 6.7 · AI score 7
Exploits 0 · References 4

SUSE Linux
added 2025/02/03 9:4 a.m. · 1 view

Security update for iperf

This update for iperf fixes the following issues: update to 3.17.1 (bsc#1224262, CVE-2024-26306): BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the...

CVSS 5.9 · AI score 7.4 · EPSS 0.01116
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:20 a.m. · 1 view

SUSE CVE-2004-0980

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code...

CVSS 10 · AI score 7.6 · EPSS 0.01578
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:32 a.m. · 1 view

SUSE CVE-2014-0240

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

CVSS 6.2 · AI score 7.1 · EPSS 0.00223
Exploits 0 · References 7

ATTACKERKB
added 2022/09/02 7:15 a.m. · 2 views

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · AI score 5.9 · EPSS 0.00274
Exploits 0 · References 5

Positive Technologies
added 2022/09/02 12:0 a.m. · 1 view

PT-2022-24256 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.4 Description: The issue is related to an insecure umask configuration in Apache Airflow when running with the --daemon flag. This could lead to a race condition, resulting in world-writable files in the...

CVSS 5.7 · AI score 4.6 · EPSS 0.00274
Exploits 0 · References 15

CNNVD
added 2022/09/02 12:0 a.m. · 1 view

Apache Airflow Race Condition Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 2.3.4, which stems fr...

CVSS 4.7 · AI score 5.3 · EPSS 0.00274
Exploits 0 · References 5

OpenVAS
added 2022/08/26 12:0 a.m. · 9 views

Ubuntu: Security Advisory (USN-2431-2)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 · References 3

OSV
added 2020/09/24 8:40 p.m. · 0 views

USN-4540-1 atftp vulnerabilities

Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. CVE-2019-11365 Denis Andzakovic discovered that atftpd did not properly lock the thread list...

CVSS 9.8 · AI score 5.8 · EPSS 0.03727
Exploits 2 · References 3

Veracode
added 2020/04/10 12:36 a.m. · 19 views

Denial Of Service (DoS)

fetchmail is vulnerable to denial of service. A flaw was found in fetchmail. When fetchmail is run in double verbose mode "-v -v", it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was...

CVSS 4.3 · AI score 3.4 · EPSS 0.03347
Exploits 1 · References 26 · Affected Software 1

Veracode
added 2019/01/15 8:54 a.m. · 13 views

Privilege Escalation

mod_wsgi is vulnerable to privilege escalation attacks. The vulnerability exists as the mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via...

CVSS 6.2 · AI score 7.6 · EPSS 0.00223
Exploits 0 · References 9 · Affected Software 3

Veracode
added 2019/01/15 8:52 a.m. · 16 views

Information Disclosure

qemu-kvm-rhev is vulnerable to information disclosure attacks. The vulnerability exists as qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files...

CVSS 6.9 · AI score 5.3 · EPSS 0.00069
Exploits 0 · References 14 · Affected Software 2

ArchLinux
added 2015/09/12 12:0 a.m. · 38 views

openldap: denial of service

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call within the ber_get_next method (io.c line 682) that is hit when decoding tampered BER data. The following proof of concept exploit can be used to trigger the condition: echo...

CVSS 5 · AI score 1.1 · EPSS 0.70513
Exploits 1 · References 4