36 matches found
Astra Linux – Vulnerability in Zabbix
During Zabbix installation from RPM, the DACOVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. In this case, processes of Zabbix Proxy or Server can bypass the file read, write, and execute permission checks at the file system level...
SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2026:1939-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1939-1 advisory. This update for PackageKit fixes the following issue: - CVE-2026-41651: race condition allows for arbitrary RPM package...
OPENSUSE-SU-2026:20646-1 Security update for PackageKit
This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...
EUVD-2020-20231
Malware in sbrugna...
ROS-2-596
2.596 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-1188
2.1188 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...
ROS-2-1353
2.1353 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-2-1278
2.1278 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...
rpm: races with chown/chmod/capabilities calls during installation
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...
ROS-2-505
2.505 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-1445
2.1445 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...
CLSA-2022-1671124065 rpm: Fix of 2 CVEs
CVE-2021-35939: validate intermediate symlinks during installation - CVE-2021-35938: set file metadata via fd-based ops for everything but symlinks - Fix file descriptor leak recently introduced in rpmPackageFilesInstall...
CVE-2022-23132
During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...
Zabbix Sia Zabbix 安全漏洞
Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from the DACOVERRIDE SELinux function...
ROS-2-1463
2.1463 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-453
2.453 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...
ROS-2-654
2.654 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: A vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...
ROS-2-656
2.656 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948, CVE-2021-29950. 1. Vulnerability Description: Vulnerabilities allow a remote attacker to compromise...
ROS-2-1193
2.1193 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...
ROS-2-632
2.632 Multiple vulnerabilities in Mozilla Firefox CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-24002, CVE-2021-29945, CVE-2021-29947, CVE-2021-29946. 1. Vulnerability Description: Vulnerabilities allow a...