Linux Distros Unpatched Vulnerability : CVE-2013-0337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the 1 access.log and 2 error.log files, which allows local...

Linux Distros Unpatched Vulnerability : CVE-2008-4870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the...

CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)

CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...

CVE-2025-50691

The CVE-2025-50691 item concerns MCSManager 10.5.3, where the daemon runs as root by default and stores sensitive data (tokens, terminal content) in a world-readable data directory. This allows other local users to read the daemon’s key and potentially log in, enabling privilege escalation. Docum...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

MCSManager Panel 安全漏洞

MCSManager Panel is an open source game server administration panel from MCSManager. A security vulnerability exists in MCSManager Panel version 10.5.3, which stems from a daemon running as root by default and sensitive data being readable by all users, which may result in elevated privileges...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

Security update for net-tools

This update for net-tools fixes the following issues: Provide more readable error for interface name size checking bsc1243581 Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836 Patch Instructions: To install this SUSE update use the SUSE...

Linux Distros Unpatched Vulnerability : CVE-2017-12155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local...

GHSA-QP7J-X725-G67F HydrAIDE Authentication Bypass Vulnerability

Summary There is no authentication of any kind. Details TLS is implemented, the tunnel between the client and server is secure, however once data is on the server, it's free to be read by any adversaries. On the client side :...

HydrAIDE Authentication Bypass Vulnerability

Summary There is no authentication of any kind. Details TLS is implemented, the tunnel between the client and server is secure, however once data is on the server, it's free to be read by any adversaries. On the client side :...

Linux Distros Unpatched Vulnerability : CVE-2018-6124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a craft...

Linux Distros Unpatched Vulnerability : CVE-2016-8637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used,...

Linux Distros Unpatched Vulnerability : CVE-2023-40217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...

Linux Distros Unpatched Vulnerability : CVE-2022-46338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing...

Linux Distros Unpatched Vulnerability : CVE-2017-2622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system...

Linux Distros Unpatched Vulnerability : CVE-2025-52991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users...

Linux Distros Unpatched Vulnerability : CVE-2016-9590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage...

Linux Distros Unpatched Vulnerability : CVE-2020-1736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files...

MAL-2025-37217 Malicious code in triton-readable-luna-farout (npm)

The package triton-readable-luna-farout was found to contain malicious code...