38 matches found
EUVD-2026-22962
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2022-31258
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink...
CVE-2025-67736 Authenticated SQL Injection in FreePBX tts (Text To Speech) module
The FreePBX module tts Text to Speech for FreePBX, an open-source web-based graphical user interface GUI that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...
SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server (SUSE-SU-2025:3809-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3809-1 advisory. - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests bsc1245105 - fixed a bad logrotate configuration...
SUSE-SU-2025:3809-1 Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issues: - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests bsc1245105 - fixed a bad logrotate configuration that allowed escalation from rabbitmq to root, /var/log/rabbitmq ownership is now 750 bsc1246091...
EUVD-2022-52827
Malicious code in bioql PyPI...
CVE-2025-23394 daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...
CVE-2020-8781
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process...
CVE-2019-12791
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form...
CVE-2024-22029 tomcat packaging allows for escalation to root from tomcat user
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root...
CentOS 7 : kpatch-patch (RHSA-2021:2727)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2727 advisory. - In the Linux kernel before 5.12.4, net/bluetooth/hcievent.c has a use-after-free when destroying an hcichan, aka CID-5c4c8c954409. This leads to...
SUSE CVE-2022-31253
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...
CVE-2022-31253
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0009)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-003)
The version of kernel installed on the remote host is prior to 5.10.50-44.132. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2022-003 advisory. An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a loc...
Rocky Linux 8 : kernel (RLSA-2021:2714)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2714 advisory. - net/bluetooth/hcirequest.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 - fs/seqfile.c in...
AlmaLinux 8 : kernel (ALSA-2021:2714)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2714 advisory. - net/bluetooth/hcirequest.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 - fs/seqfile.c in t...
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerability (USN-5014-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5014-1 advisory. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9407)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9407 advisory. - seqfile: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135633 CVE-2021-33909 - net/mlx4: Fix EEPROM dump support Vladyslav...
OracleVM 3.4 : kernel-uek (OVMSA-2021-0025)
The remote OracleVM system is missing necessary patches to address security updates: - A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memor...