Lucene search
K

36 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Zabbix

During Zabbix installation from RPM, the DACOVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. In this case, processes of Zabbix Proxy or Server can bypass the file read, write, and execute permission checks at the file system level...

7.5CVSS7.5AI score0.00796EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.14 views

SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2026:1939-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1939-1 advisory. This update for PackageKit fixes the following issue: - CVE-2026-41651: race condition allows for arbitrary RPM package...

8.8CVSS6AI score0.0046EPSS
Exploits10References4
OSV
OSV
added 2026/04/29 9:45 a.m.4 views

OPENSUSE-SU-2026:20646-1 Security update for PackageKit

This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-20231

Malware in sbrugna...

4.9CVSS5.2AI score0.00842EPSS
Exploits0References2
Redos
Redos
added 2025/05/13 12:0 a.m.16 views

ROS-2-596

2.596 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8CVSS8.7AI score0.82367EPSS
Exploits0
Redos
Redos
added 2024/03/13 12:0 a.m.30 views

ROS-2-1188

2.1188 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...

7.5CVSS7AI score0.02719EPSS
Exploits0
Redos
Redos
added 2024/03/13 12:0 a.m.15 views

ROS-2-1353

2.1353 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

9.8CVSS7.9AI score0.05984EPSS
Exploits1
Redos
Redos
added 2024/03/13 12:0 a.m.18 views

ROS-2-1278

2.1278 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...

8.1CVSS8.2AI score0.01607EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/01/25 8:2 a.m.4 views

rpm: races with chown/chmod/capabilities calls during installation

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

6.7CVSS7.1AI score0.00491EPSS
Exploits1References5
Redos
Redos
added 2023/07/06 12:0 a.m.34 views

ROS-2-505

2.505 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

8.8CVSS7.8AI score0.01368EPSS
Exploits0
Redos
Redos
added 2023/07/06 12:0 a.m.20 views

ROS-2-1445

2.1445 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...

8.8CVSS9.2AI score0.01368EPSS
Exploits0
OSV
OSV
added 2022/12/15 5:7 p.m.6 views

CLSA-2022-1671124065 rpm: Fix of 2 CVEs

CVE-2021-35939: validate intermediate symlinks during installation - CVE-2021-35938: set file metadata via fd-based ops for everything but symlinks - Fix file descriptor leak recently introduced in rpmPackageFilesInstall...

6.7CVSS6.7AI score0.00491EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2022/01/13 3:50 p.m.41 views

CVE-2022-23132

During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...

7.5CVSS1.9AI score0.00796EPSS
Exploits0
CNNVD
CNNVD
added 2022/01/13 12:0 a.m.7 views

Zabbix Sia Zabbix 安全漏洞

Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from the DACOVERRIDE SELinux function...

7.5CVSS6.5AI score0.00796EPSS
Exploits0References6
Redos
Redos
added 2021/12/24 12:0 a.m.21 views

ROS-2-1463

2.1463 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...

9.8CVSS7.3AI score0.10634EPSS
Exploits2
Redos
Redos
added 2021/09/08 12:0 a.m.30 views

ROS-2-453

2.453 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...

9.8CVSS7.8AI score0.23293EPSS
Exploits2
Redos
Redos
added 2021/09/08 12:0 a.m.39 views

ROS-2-654

2.654 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: A vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...

7.8CVSS5.3AI score0.99295EPSS
Exploits81
Redos
Redos
added 2021/09/08 12:0 a.m.15 views

ROS-2-656

2.656 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948, CVE-2021-29950. 1. Vulnerability Description: Vulnerabilities allow a remote attacker to compromise...

8.8CVSS8AI score0.01764EPSS
Exploits3
Redos
Redos
added 2021/09/08 12:0 a.m.19 views

ROS-2-1193

2.1193 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...

8.8CVSS8.4AI score0.01764EPSS
Exploits3
Redos
Redos
added 2021/09/08 12:0 a.m.23 views

ROS-2-632

2.632 Multiple vulnerabilities in Mozilla Firefox CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-24002, CVE-2021-29945, CVE-2021-29947, CVE-2021-29946. 1. Vulnerability Description: Vulnerabilities allow a...

8.8CVSS7.7AI score0.04006EPSS
Exploits2
Rows per page
Query Builder