EUVD-2026-38814

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a process group receives a signal. When FASYNC is configured for a proces...

CVE-2026-52946

The CVE-2026-52946 entry concerns the Linux kernel and describes a SOFTIRQ-unsafe lock order deadlock in the fasync signaling path (send_sigio and send_sigurg) when FASYNC is enabled for a process group. The concrete remediation is to replace the use of tasklist_lock with rcu_read_lock() to trave...

openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20730-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20730-1 advisory. Changes in apptainer: - Fix CVE-2026-34986 bsc1262956 github.com/go-jose/go-jose/[email protected] CVE-2026-33186 GO-2026-4762 bsc1260311...

Oracle Linux 9 : ELSA-2025-20559-0: / shadow-utils (ELSA-2025-205590)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-205590 advisory. 2:4.9-15 - nss.c: shadowlogfd to stderr. Resolves: RHEL-83431 - vipw: restore the original terminal pgrp after editing. Resolves: RHEL-70844 and RHEL-72940...

EUVD-2014-8420

Malware in sbrugna...

EUVD-2019-0770

Malware in sbrugna...

EUVD-2010-5285

Malware in sbrugna...

CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

The vulnerability of the New Process Group Handler component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to read, modify, or delete data.

The vulnerability of the New Process Group Handler component in the Apache NiFi data processing platform is related to the improper use of intermediaries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to read, modify, or delete data...

GHSA-MPJ7-7MG7-X95J Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

SUSE CVE-2010-5328

include/linux/inittask.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service system crash by leveraging access to this process group...

SUSE CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b...

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

CVE-2022-29526

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

Advisory ROSA-SA-2021-1923

Software: modwsgi 3.4 OS: Cobalt 7.9 CVE-ID: CVE-2014-8583 CVE-Crit: CRITICAL CVE-DESC: modwsgi before 4.2.4 for Apache when creating a daemon process group does not handle properly when group privileges cannot be discarded, which could allow attackers to gain privileges via undefined vectors...

Apache NiFi API Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Potential Improvements: Add option to authenticate using client certificate Add a scanner module? class MetasploitModule 'Apache NiFi API Remote Code Execution',...

Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2633)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...