ROS-20250911-11
A vulnerability in the Cloud-init cloud server configuration tool is related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands. A vulnerability in the Cloud-Init cloud virtual machine provisioning too...
Authentication Bypass
github.com/navidrome/navidrome is vulnerable to Authentication Bypass. The vulnerability is due to flawed authentication logic, which allows an attacker to authenticate using any non-existent username and a salted hash of an empty password...
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
Optigo ONS-S8 Security Vulnerability
The Optigo ONS-S8 is an intelligent industrial switch from Optigo. A security vulnerability exists in Optigo ONS-S8 1.3.7 and earlier versions, which stems from a web server containing an incomplete authentication process that could lead to an attacker completing authentication without a password...
BSA-004 Security Update for subversion
Peter Samuelson uploaded new packages for subversion which fixed the following security problems: CVE-2010-3315 When "SVNPathAuthz short_circuit" is enabled, authz authentication in the mod_dav_svn module for the Apache HTTP Server is flawed. Remote authenticated users can bypass intended access...