openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20730-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20730-1 advisory. Changes in apptainer: - Fix CVE-2026-34986 bsc1262956 github.com/go-jose/go-jose/[email protected] CVE-2026-33186 GO-2026-4762 bsc1260311...

Oracle Linux 9 : ELSA-2025-20559-0: / shadow-utils (ELSA-2025-205590)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-205590 advisory. 2:4.9-15 - nss.c: shadowlogfd to stderr. Resolves: RHEL-83431 - vipw: restore the original terminal pgrp after editing. Resolves: RHEL-70844 and RHEL-72940...

EUVD-2019-0770

Malware in sbrugna...

EUVD-2010-5285

Malware in sbrugna...

EUVD-2014-8420

Malware in sbrugna...

CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

GHSA-MPJ7-7MG7-X95J Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

SUSE CVE-2010-5328

include/linux/inittask.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service system crash by leveraging access to this process group...

SUSE CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b...

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

CVE-2022-29526

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

Advisory ROSA-SA-2021-1923

Software: modwsgi 3.4 OS: Cobalt 7.9 CVE-ID: CVE-2014-8583 CVE-Crit: CRITICAL CVE-DESC: modwsgi before 4.2.4 for Apache when creating a daemon process group does not handle properly when group privileges cannot be discarded, which could allow attackers to gain privileges via undefined vectors...

Apache NiFi API Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Potential Improvements: Add option to authenticate using client certificate Add a scanner module? class MetasploitModule 'Apache NiFi API Remote Code Execution',...

Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2633)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2367)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : mod_wsgi (EulerOS-SA-2019-2711)

According to the version of the modwsgi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which migh...

GHSA-26P8-XRJ2-MV53 Apache NiFi process group information disclosure

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents at the top most level, not recursively. The response included details about processors and controller services which the user may not have had read access to...