Amazon Linux 2 : openssh, --advisory ALAS2-2026-3262 (ALAS-2026-3262)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3262 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectation...

EUVD-2025-199734

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root...

CVE-2025-45311

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is...

PT-2025-48139

Name of the Vulnerable Software and Affected Versions fail2ban-client version 0.11.2 Description Insecure permissions in fail2ban-client version 0.11.2 can allow attackers with limited sudo privileges to perform arbitrary operations as root. Recommendations Update fail2ban-client to a newer versi...

CVE-2025-45311

CVE-2025-45311 affects fail2ban-client v0.11.2. Insecure permissions could allow attackers with limited sudo privileges to perform arbitrary operations as root. Note: some sources dispute the root-privilege interpretation, but multiple advisories describe the risk. Remediation: update to a newer ...

EUVD-2006-2111

Malware in sbrugna...

Path traversal

An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations scanning, can be used to start external programs with elevated permissions because of an Untrusted Search Path...