Updated perl-HTTP-Daemon package fixes a security vulnerability
The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file. CVE-2026-8450...
CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file. send_file opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or append. Untruste...
HTTP::Daemon security vulnerability
HTTP::Daemon is a simple HTTP class developed under the open-source license of libwww-perl. Versions of HTTP::Daemon prior to version 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the use of Perl’s 2-arg open method to open string parameters, which could lead to ...
CVE-2026-8259
CVE-2026-8259 affects Tenda AC6 firmware version 2.0/15.03.06.23, where an unknown function in the HTTPD component’s /goform/telnet endpoint mishandles the lan.ip parameter, leading to an OS command injection. This allows remote exploitation with high impact on confidentiality, integrity, and ava...
Fedora 44 : nix (2026-8c7366e046)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8c7366e046 advisory. - update to 2.34 - https://nix.dev/manual/nix/2.34/release-notes/rl-2.33.html - https://nix.dev/manual/nix/2.34/release-notes/rl-2.34.html - includes fix for...
Red Hat System Security Services Daemon security vulnerability
The Red Hat System Security Services Daemon is a daemon process component in Linux developed by Red Hat Inc. There is a security vulnerability associated with the Red Hat System Security Services Daemon. This vulnerability stems from the improper handling of raw pipe bytes by the...
EUVD-2026-20872
LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf...
Juniper Junos OS Vulnerability (JSA107810)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107810 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon chassisd of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300...
CVE-2021-27146
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP...
Advisory ROSA-SA-2026-3199
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 unaffected versions = rsync-3.1.3-23.rv3 affected versions rsync-3.1.3-23.rv3 CVE-ID: CVE-2024-12087 BDU-ID: 2025-00377 CVE-Crit: HIGH CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync...
MiracleLinux 9 : gpsd-minimal-3.26.1-1.el9_7.1 (AXSA:2026-055:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-055:01 advisory. gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing CVE-2025-67269 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds...
MiracleLinux 7 : dbus-1.10.24-14.el7 (AXSA:2020-220:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-220:01 advisory. dbus: denial of service via file descriptor leak CVE-2020-12049 Tenable has extracted the preceding description block directly from the MiracleLinux security...
ALSA-2026:0770 Important: gpsd security update
gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications such as...
CVE-2021-27161
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP...
CVE-2021-27158
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP...
CVE-2023-25152
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...
USN-7948-1 gpsd vulnerabilities
It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-67268 It was discovered that GPSd incorrectly handled processing NAVCOM packets. An...
CVE-2025-67268
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...
Linux Distros Unpatched Vulnerability : CVE-2025-12744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them direct...
PT-2025-48799
Name of the Vulnerable Software and Affected Versions ABRT affected versions not specified Description The Automatic Bug Reporting Tool ABRT has a flaw in its handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell...