69 matches found
RHEL 9 : rpm (RHSA-2024:0453)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0453 advisory. The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and...
CVE-2023-47629 Privilege escalation through email sign-up in datahub
DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the defau...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1202)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1174)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2023-1174)
According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were...
EulerOS Virtualization 2.10.1 : rpm (EulerOS-SA-2023-1153)
According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were...
FreeBSD : rpm4 -- Multiple Vulnerabilities (0c52abde-717b-11ed-98ca-40b034429ecf)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0c52abde-717b-11ed-98ca-40b034429ecf advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a...
CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...
AZL-10651 CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
squid:4 security and bug fix update
libecap squid 7:4.15-3 - Resolves: 1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP protocol data may lead to information disclosure 7:4.15-2 - Resolves: 2006121 - SQUID shortens FTP Link wrong that contains a semi-colon and as a result is not able to download zip file.CODE 404 ...
Path DEAD on Newly Installed or Existing WAN Link on Citrix SD-WAN
After a new WAN link is added to Citrix SD-WAN, the WAN path state is shown as DEAD...
ROS-2-1572
2.1572 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
rpm 后置链接漏洞
rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query and update packages on Linux systems. A security vulnerability exists in rpm that originates from a symbolic link issue that occurs when rpm sets the required permissions and credentials after...
USN-2906-1 cpio vulnerabilities
Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files...
StarOffice/OpenOffice symbolic links vulnerability
symlink problem during temporary files creation...
Qualcomm Eudora 6.x - Embedded Hyperlink URI Obfuscation
Qualcomm Eudora 6.x - Embedded Hyperlink URI Obfuscation source: https://www.securityfocus.com/bid/10305/info It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatte...
Symbolic link problem in semi/wemi
Insecure temporary files handling...
ghostscript symbolic link problem
Symboli link problem during temporary files creation in ps2epsi...
CVE-2002-0178
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands...
FreeBSD-SA-02:25.bzip2
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:25 Security Advisory The FreeBSD Project Topic: bzip2 contains multiple security vulnerabilities Category: core/ports Module: bzip2 Announced: 2002-05-20 Credits: Volker...