CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

Dolibarr ERP CRM vulnerable to remote code execution (RCE)

Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

GHSA-VPRP-94P9-5JP8 Dolibarr ERP CRM vulnerable to remote code execution (RCE)

Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

UBUNTU-CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

PT-2024-28793 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions prior to 19.0.2 Description: The issue is related to a remote code execution RCE vulnerability. It can be exploited via the Computed field parameter under the Users Module Setup function. Recommendations: For version...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

Code injection

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allo...

Genie Aladdin Connect garage door opener Cross-site scripting vulnerability

Genie Aladdin Connect garage door opener is a garage door opener from Genie. A security vulnerability exists in the Genie Aladdin Connect garage door opener Retrofit-Kit Model ALDCM that stems from a cross-site scripting XSS vulnerability on the Garage Door Control Module Setup page...

SUSE CVE-2015-0267

The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file...

SUSE CVE-2015-0794

modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracutblockuuid.map...

Oracle Linux 7 : kexec-tools (ELSA-2015-0986)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-0986 advisory. 2.0.7-19.0.1.el71.2 - kdumpctl: exclude defaulthugepagesz setting from kdump kernel cmdline Sriharsha Yadagudde Orabug: 19134999 - kdumpctl: verify if kernel...

kexec-tools: insecure use of /tmp/*$$* filenames

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files...

kexec-tools security, bug fix, and enhancement update

2.0.7-19.0.1.el71.2 - kdumpctl: exclude defaulthugepagesz setting from kdump kernel cmdline Sriharsha Yadagudde Orabug: 19134999 - kdumpctl: verify if kernel support securelevel interface Sriharsha Yadagudde Orabug: 18905671 2.0.7-19.2 - dracut-module-setup: Enhance kdump to support the bind...

PT-2015-4553 · Red Hat +2 · Kexec-Tools +3

Name of the Vulnerable Software and Affected Versions: kexec-tools versions prior to 2.0.7-19 Description: The issue allows local users to write to arbitrary files via a symlink attack on a temporary file. This is related to the Red Hat module-setup.sh script for kexec-tools in Red Hat Enterprise...