331 matches found
The vulnerability of the Display Key Combination Fast Access swhkd in the Wayland display server protocol allows a hacker to access protected information or cause a service failure.
The vulnerability of the Display Key Combination daemon swhkd in the Wayland display server protocol implementation relates to the ability to save the PID of a process in the file /tmp/swhkd.pid and incorporate the PID of an existing process into it. Exploiting this vulnerability can allow a remo...
SWHKD 后置链接漏洞
SWHKD is a display protocol independent hotkey daemon made in Rust. A denial of service vulnerability exists in SWHKD version 1.1.5, which stems from the insecure use of the /tmp/swhks.pid pathname and can be exploited by an attacker to potentially cause a denial of service...
openSUSE 15 Security Update : chrony (openSUSE-SU-2022:0845-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0845-1 advisory. - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd...
Zabbix Sia Zabbix 安全漏洞
Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from the DACOVERRIDE SELinux function...
SUSE SLES12 Security Update : chrony (SUSE-SU-2021:4147-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4147-1 advisory. Chrony was updated to 4.1: Add support for NTS servers specified by IP address matching Subject Alternative Name in server certificate Add...
Advisory ROSA-SA-2021-1935
Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...
EulerOS Virtualization for ARM 64 3.0.2.0 : chrony (EulerOS-SA-2021-2110)
According to the version of the chrony package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd...
Input validation
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery EAP-CD introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script ...
CVE-2020-14317
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery EAP-CD introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script ...
unbound security, bug fix, and enhancement update
1.7.3-15 - Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key - Resolves: rhbz1714175 - Use system-wide crypto policy setting PROFILE=SYSTEM instead of custom setting - Resolves: rhbz1842837 - Enable additional logging in unbound - Resolves: rhbz1850460 - security hardenin...
OPENSUSE-SU-2021:0754-1 Security update for exim
This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...
Security update for exim (critical)
openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0753-1 Rating: critical References: 1079832 1136587 1142207 1154183 1160726 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-10149...
Security update for exim (critical)
openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...
UBUNTU-CVE-2021-27216
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a deletepidfile race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...
The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol (NTP) allows a attacker to cause a service failure.
The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol NTP is related to an incorrect definition of the link before accessing the file in the /var/run/chrony directory. Exploiting this vulnerability could allow a attacker to cause a service failure by using a...
MGASA-2021-0154 Updated unbound packages fix a security vulnerability
Unbound contains a local vulnerability that would allow for a local symlink attack. When writing the PID file Unbound creates the file if it is not there, or opens an existing file for writing. In case the file was already present, it would follow symlinks if the file happened to be a symlink...
USN-4808-1 tinyproxy vulnerability
It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...
EulerOS Virtualization 3.0.6.6 : chrony (EulerOS-SA-2021-1462)
According to the version of the chrony packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created...
EulerOS Virtualization 3.0.2.6 : chrony (EulerOS-SA-2021-1429)
According to the version of the chrony package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created...
OESA-2021-1083 unbound security update
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...