PT-2023-14030 · Nokia · Nokia Nfm-T
Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An issue exists in the VM Manager WebUI under the endpoint "/cgi-bin/R19.9/viewlog.pl" via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files due to an Absolute Path...
PT-2023-8433 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.10 Nextcloud Server versions 26.0.0 through 26.0.5 Nextcloud Server versions 27.0.0 through 27.0.0 prior to 27.1.0 Nextcloud Enterprise Server versions 25.0.0 through 25.0.10 Nextcloud Enterprise...
dnsmasq security and bug fix update
2.79-31 - Do not create and search --local and --address=/x/ domains 2233542 2.79-30 - Make create logfile writeable by root 2156789 2.79-29 - Fix also dynamically set resolvers over dbus 2186481 2.79-28 - Correct possible crashes when server=/example.net/ is used 2186481 2.79-27 - Limit offered...
VulnCheck KEV: CVE-2021-21234
spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this...
dnsmasq security and bug fix update
2.85-14 - Backport Coverity fix to hide detected issue 2156789 2.85-13 - Rebuild with modified gating settings 2.85-12 - Make create logfile writeable by root 2156789 2.85-11 - Do not create and search --local and --address=/x/ domains 2209031 2.85-10 - Fix also dynamically set resolvers over dbu...
liblouis: buffer overflow in lou_logFile function at logginc.c
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint...
SUSE-SU-2023:3887-1 Security update for iperf
This update for iperf fixes the following issues: - update to 3.15 bsc1215662, ESNET-SECADV-2023-0002: Several bugs that could allow the iperf3 server to hang waiting for input on the control connection has been fixed ESnet Software Security Advisory ESNET-SECADV-2023-0002 A bug that caused garbl...
DEBIAN-CVE-2023-26767
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint...
Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18_041520_711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-2757...
SUSE CVE-2006-0745
X.Org server xorg-server 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line optio...
SUSE CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
SUSE CVE-2016-1255
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...
SUSE CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
SUSE CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...
openSUSE 15 Security Update : EternalTerminal (openSUSE-SU-2023:0041-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0041-1 advisory. - In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. CVE-2022-48257 - In Eternal Terminal 6.2.1, etserver a...
PT-2023-2376 · Liblouis +7 · Liblouis +7
Name of the Vulnerable Software and Affected Versions: Liblouis version 3.24.0 Description: The issue is related to a buffer overflow vulnerability in the lou_logFile function of the Liblouis translator, which is caused by copying a buffer without checking the size of the input data. This can be...
CVE-2022-48257
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp...
Code injection
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp...
CVE-2022-48257
CVE-2022-48257 affects EternalTerminal