MiracleLinux 9 : nodejs:20 (AXSA:2024-8726:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8726:01 advisory. nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...

MiracleLinux 8 : nodejs:20 (AXSA:2024-8725:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8725:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

Astra Linux - уязвимость в oath-toolkit

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

Updated oath-toolkit packages fix security vulnerability

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191...

CVE-2024-47191

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

CVE-2024-47191

CVE-2024-47191 affects oath-toolkit’s PAM module pam_oath.so, with vulnerable versions 2.6.7–2.6.11 (pre-2.6.12). The flaw arises during PAM code execution as root, where the user-credentials file handling can mishandle access to users’ files (e.g., fchown called while a symlink is present), enab...

SUSE CVE-2024-47191

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

Authorization Bypass

Overview Affected versions of this package are vulnerable to Authorization Bypass via fs.fchown or fs.fchmod operations which can use a "read-only" file descriptor to change the owner and permissions of a file. Note: This is only exploitable for users using the experimental permission when the...

Linux systemd Symlink Dereference Via chown_one() Exploit

Linux suffers from an issue with systemd where chownone can dereference symlinks. systemd: chownone can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...

Debian DLA-1399-1 : ruby-passenger security update

Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible. CVE-2015-7519 Remote attackers could spoof headers passed to applications by usin...