50 matches found
Fedora 45 : perl-Crypt-PasswdMD5 (2026-5f1dfcb5c8)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5f1dfcb5c8 advisory. Automatic update for perl-Crypt-PasswdMD5-1.4.3-1.fc45. Changelog Sat May 23 2026 Paul Howarth - 1.4.3-1 - Update to 1.43 - Replace use of the...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : polkit vulnerabilities (USN-8173-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8173-1 advisory. It was discovered that polkit incorrectly handled nested elements in XML policy files. If an administrator were tricked into installi...
EUVD-2018-18430
Malware in sbrugna...
EUVD-2009-3832
Malware in sbrugna...
EulerOS 2.0 SP12 : polkit (EulerOS-SA-2025-2021)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...
SUSE-SU-2025:20662-1 Security update for polkit
This update for polkit fixes the following issues: - CVE-2025-7519: Fixed that a XML policy file with a large number of nested elements may lead to out-of-bounds write bsc1246472...
Security update for polkit
This update for polkit fixes the following issues: CVE-2025-7519: Fixed that a XML policy file with a large number of nested elements may lead to out-of-bounds write bsc1246472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
SUSE-SU-2025:02528-1 Security update for polkit
This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. bsc1246472...
Configure Audit Rules for SELinux
SELinux is a mandatory access control function component of Linux. It is used to implement fine-grained permission control on processes and files. You are advised to audit configurations of SELinux configuration files and policy files and record modification logs. If SELinux audit is not...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality...
GHSA-QXQF-2MFX-X8JW veraPDF has potential XSLT injection vulnerability when using policy files
Impact: Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: This has been patched and users should upgrade to veraPDF v1.24.2. Workarounds: This doesn't affect the standard validation an...
veraPDF has potential XSLT injection vulnerability when using policy files
Impact: Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: This has been patched and users should upgrade to veraPDF v1.24.2. Workarounds: This doesn't affect the standard validation an...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
SUSE CVE-2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks...
SUSE CVE-2008-4822
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy...
ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...
CVE-2020-7810
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacke...
Design/Logic Flaw
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacke...