Fedora: Security Advisory (FEDORA-2025-e282b00383)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : cri-o1.34 (2025-6d2a952fe1)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6d2a952fe1 advisory. - Update to release v1.34.1 - Resolves: rhbz2333357, rhbz2398409, rhbz2398664, rhbz2399066, rhbz2399340 - Upstream fixes Tenable has extracted the...

Fedora 41 : kubernetes1.32 (2025-8f9b0ca4c7)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8f9b0ca4c7 advisory. - Update to release v1.32.7 - Resolves: rhbz2388412 - Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fixes Tenab...

CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...

CVE-2018-1118

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-ne...

GNU Wget FTP Symlink Arbitrary Filesystem Access

This module exploits a vulnerability in Wget when used in recursive -r mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGETDATA option. Tested successfully with...

Fedora 21 : torque-4.2.8-1.fc21 (2014-10153)

Fix CVE-2013-4495: arbitrary code execution via job submission RHBZ 1029752 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introduci...

teTeX 1.0.7 Filters Temporary File Race Condition Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2974/info teTeX is a TeX distribution for UNIX compatible systems. A race condition vulnerability exists in the temporary file handling method used by some teTeX filters. The problem exists because in some cases temporary...

LPRng 3.6.x Failure To Drop Supplementary Groups Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementary groups. As a...

CVE-2012-4461

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service kernel OOPS by using the KVMSETSREGS ioctl to set the X86CR4OSXSAVE bit in the guest cr4 register, then calling the KVMRUN ioctl...

Fedora 17 : gnome-keyring-3.4.1-3.fc17 (2012-12368)

GPG agent did not respect cache expiry settings. Backported patch to fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 14 : eclipse-3.6.1-6.1.fc14 (2010-19006)

Eclipse help webapp XSS vulnerability fix. See Redhat Bugzilla 661901 and Eclipse Bugzilla 329582. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Fedora 13 : eclipse-3.5.2-4.fc13 (2010-18990)

Fix junit runner problem Eclipse help webapp XSS vulnerability fix. See Redhat Bugzilla 661901 and Eclipse Bugzilla 329582. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

Exploit for linux platform in category local exploits ========================================================== Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the...

Fedora 12 : sendmail-8.14.4-3.fc12 (2010-5470)

This new version of sendmail fixes security bug - handling of bogus certificates with NULLs in CNs. Also many other bugs have been fixed, for complete list please see: http://www.sendmail.org/releases/8.14.4 Note that Tenable Network Security has extracted the preceding description block directly...

CVE-2009-4143

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to 1 interrupt corruption of the SESSION superglobal array and 2 the session.savepath directive...

CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

Linux Kernel /proc/net/rt_cache远程拒绝服务漏洞

BUGTRAQ ID: 34084 CVECAN ID: CVE-2009-0778 Linux Kernel是开放源码操作系统Linux所使用的内核。 即使缓存的路由表保持不变，/proc/slabinfo中的ipdstcache值也会一直递增，这会导致ipdstcache最终会到达 /proc/sys/net/ipv4/route/maxsize的值。当到达该值的时候，内核就会报告“dst cache overflow”，之后服务器不再响应任何网络活动。 Linux kernel 2.6.x 临时解决方法： 删除REJECT路由，或用ip route add 10.10.0.0/16...

SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability

====================================================================== = Security Objectives Advisory SECOBJADV-2008-02 = ====================================================================== Cygwin Installation and Update Process can be Subverted Vulnerability...