
2192 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : dotnet3.1-3.1.118-1.el8.ML.1 (AXSA:2021-2354:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2354:08 advisory. dotnet: ASP.NET Core WebSocket frame processing DoS CVE-2021-26423 dotnet: Dump file created world-readable CVE-2021-34485 dotnet: ASP.NET Core JWT...

7.5 CVSS | 7.5 AI score | 0.03366 EPSS
Exploits 0 | References 4

OSV
added 2026/01/16 1:30 p.m. | 4 views

CLSA-2026-1768570231 git: Fix of CVE-2024-32021

CVE-2024-32021: fix issue where cloning local source repository with symlinks may create hardlinks to arbitrary user-readable files in the objects/ directory...

7.1 CVSS | 7.4 AI score | 0.00021 EPSS
Exploits 1 | References 1

Tenable Nessus
added 2026/01/16 12:0 a.m. | 0 views

MiracleLinux 4 : dracut-004-336.AXS4.2 (AXSA:2014-007:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-007:01 advisory. dracut is a new, event-driven initramfs infrastructure based around udev. Security issues fixed with this release: CVE-2012-4453 dracut.sh in dracut creates...

2.1 CVSS | 7.2 AI score | 0.00039 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 4 : libguestfs-1.16.19-1.0.1.AXS4 (AXSA:2012-585:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-585:02 advisory. Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests,...

2.1 CVSS | 5.4 AI score | 0.0005 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 11:10 a.m. | 5 views

CVE-2016-10819

In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd SEC-125...

6.5 CVSS | 7 AI score | 0.00457 EPSS
Exploits 0 | References 1

OSV
added 2026/01/09 11:4 a.m. | 2 views

SUSE-SU-2026:20050-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2025-13193: external inactive snapshots for shut-down VMs that are incorrectly created as world-readable allow unprivileged users to inspect guest OS contents bsc1253703. - CVE-2025-12748: parsing of user-provided XM...

5.5 CVSS | 5.8 AI score | 0.00109 EPSS
Exploits 0 | References 6

RedhatCVE
added 2026/01/09 10:34 a.m. | 3 views

CVE-2017-18424

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt SEC-274...

3.3 CVSS | 6.8 AI score | 0.00066 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:34 a.m. | 13 views

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...

2.5 CVSS | 6.9 AI score | 0.00066 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:1 a.m. | 8 views

CVE-2011-0178

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory...

2.1 CVSS | 5.5 AI score | 0.00049 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:40 a.m. | 4 views

CVE-1999-0712

A vulnerability in Caldera Open Administration System COAS allows the /etc/shadow password file to be made world-readable...

2.1 CVSS | 7 AI score | 0.0013 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:30 a.m. | 5 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

8.8 CVSS | 6.7 AI score | 0.00226 EPSS
Exploits 1 | References 1

Tenable Nessus
added 2025/12/31 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-993329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993329 advisory. A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to...

5.5 CVSS | 5.4 AI score | 0.00033 EPSS
Exploits 0 | References 4

OSV
added 2025/12/30 12:17 p.m. | 1 views

OESA-2025-2894 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are...

5.5 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits 0 | References 2

OSV
added 2025/12/30 12:17 p.m. | 1 views

OESA-2025-2893 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are...

5.5 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/12/18 12:0 a.m. | 1 views

PT-2025-51993

Name of the Vulnerable Software and Affected Versions Freedombox versions prior to 25.17.1 Description Freedombox versions prior to 25.17.1 do not establish appropriate permissions for the backups-data directory. This allows unauthorized access to database dump files. Recommendations Update to...

3.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 0 | References 6

Debian
added 2025/12/10 4:26 p.m. | 4 views

[SECURITY] [DLA 4400-1] rear security update

Debian LTS Advisory DLA-4400-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 10, 2025 https://wiki.debian.org/LTS Package : rear Version : 2.6+dfsg-1+deb11u1 CVE ID : CVE-2024-23301 Debian Bug : 1060747 It has been discovered that Relax-and-Recover aka...

5.5 CVSS | 6 AI score | 0.00092 EPSS
Exploits 1

Tenable Nessus
added 2025/12/10 12:0 a.m. | 2 views

Debian dla-4400 : rear - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4400 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4400-1 [email protected] https://www.debian.org/lts/security/...

5.5 CVSS | 5.7 AI score | 0.00092 EPSS
Exploits 1 | References 4

SUSE CVE
added 2025/12/05 12:42 a.m. | 2 views

SUSE CVE-2025-13947

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser...

7.4 CVSS | 6 AI score | 0.00055 EPSS
Exploits 0 | References 10

RedhatCVE
added 2025/12/02 10:31 p.m. | 4 views

CVE-2025-66312

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...

6.2 CVSS | 5.1 AI score | 0.00024 EPSS
Exploits 1 | References 1

Github Security Blog
added 2025/12/02 12:37 a.m. | 4 views

Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the `data[readableName]` parameter. The injected scripts are stored on the server and...

6.2 CVSS | 5.5 AI score | 0.00024 EPSS
Exploits 1 | References 4 | Affected Software 1