Veeam Backup And Replication 安全漏洞

Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. There is a security vulnerability in Veeam Backup and Replication, which may allow authenticated users with the role of backup administrators to write arbitrary files on Linux-based servers...

Linux Distros Unpatched Vulnerability : CVE-2026-6868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVE-2026-6868 Note that Nessus relies on the presence of...

[SECURITY] Fedora 42 Update: cockpit-357-2.fc42

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request...

Linux Distros Unpatched Vulnerability : CVE-2025-14905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This...

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. "The current wave of campaigns is driven b...

CVE-2025-14728

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to...

EUVD-2020-28269

Malware in sbrugna...

EUVD-2024-16988

Malicious code in bioql PyPI...

Low: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

ALSA-2024:9325 Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated...

PT-2024-12430 · Apache · Apache Rocketmq

Name of the Vulnerable Software and Affected Versions: Apache RocketMQ affected versions not specified Description: The issue concerns a stealthy malware named perfctl, which targets millions of Linux servers. It exploits over 20,000 common misconfigurations and a critical vulnerability in Apache...

CVE-2024-25659

In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...

CVE-2024-25659

In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...

CVE-2024-25659

In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...

CVE-2024-25659

Infinera TNMS (Transcend Network Management System) version 19.10.3 is affected by an insecure default configuration of the internal SFTP server on Linux, which can allow a remote attacker to access files and directories outside the SFTP user home directory. The CVE-2024-25659 entry notes a netwo...

CVE-2024-6500

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...

CVE-2024-6500 InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...