15 matches found
CVE-2026-53200
The CVE refers to the Linux kernel KVM on ARM64 where the XN bit handling was broken when FEAT_XNX is not enabled. Specifically, a FIELD_PREP() mask used to clear XN[0] manipulated the wrong bit, unconditionally granting execute permissions. The issue is resolved by correcting the bit manipulatio...
Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
Pi auth.json writes could briefly expose stored credentials to local users Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to...
kernel: ovl: fix null pointer dereference in ovl_permission()
In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovlpermission Following process: P1 P2 pathlookupat linkpathwalk inodepermission ovlpermission ovlipathrealinode, &realpath path-dentry = ovlidentryupperinode dropcache dentrykillovldentry...
Important: kernel-livepatch-4.14.355-275.603
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfsbtreecheckdelete CVE-2024-47757 In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse the buffer of the extents path CVE-2024-49882 In t...
CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
Insecure Permissions
Overview Affected versions of this package are vulnerable to Insecure Permissions due to the gem file containing world-writeable files. This means everyone who is not the owner Group and Public with access to the instance where this release had been installed could modify the world-writable files...
container-tools:ol8 security update
buildah 1.19.7-2.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.19.7-2 - revert changes to the state of 3.0-8.4.0 - Related: 1954702 conmon 2:2.0.26-3 - fix 'Permission on /dev/null are changing from 666 to 777 after running podman as root rhel-8.4.0.z' - Resolves: 1961682...
SUSE: Security Advisory (SUSE-SU-2016:1351-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : roundcubemail (openSUSE-2020-1516)
This update for roundcubemail fixes the following issues : roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 - Security: Fix cross-site scripting XS...
SUSE-SU-2020:0434-1 Security update for pdsh, slurm_18_08
This update for pdsh, slurm1808 fixes the following issues: Slurm was included in the 18.08 release, as 'slurm1808' package. The version 18.08.9 contains all recent security fixes, including: - CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects...
Security update for otrs (moderate)
This update for otrs to version 4.0.32 fixes the following issues: These security issues were fixed: - CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged in user opens it, the email could have caused the browser to load external image or CSS resources...
Fedora 27 : community-mysql (2017-9e28c78e07)
A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz1497694 : Fix owner and perms on log file in post script CVE fixes: rhbz1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-102...
SUSE-SU-2017:1763-1 Security update for clamav
This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSFDELTA filter in libclamunrar bsc1045490 Non security issue fixed: - Fix permissions of /var/spool/amavis. bsc815106...
Mandriva Linux Security Advisory : setup (MDVSA-2015:184)
Updated setup package fixes security vulnerability : An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable mga14516. This update fixes...
Oracle Linux 5 : bind (ELSA-2012-1267)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1267 advisory. 30:9.3.6-20.P1.4 - bind-chroot-admin: set correct permissions on /etc/named.conf during update 30:9.3.6-20.P1.3 - fix CVE-2012-4244 Tenable has extracted the...