324 matches found

Qualys Blog
added 2024/11/19 4:12 p.m. | 68 views

Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart

The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user...

CVSS 7.8 | AI score 8 | EPSS 0.19924
Exploits: 16
Fedora
added 2024/10/28 1:4 a.m. | 22 views

[SECURITY] Fedora 39 Update: glibc-2.38-19.fc39

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 8.1 | AI score 7.2 | EPSS 0.0131
Exploits: 0
OSV
added 2024/10/24 6:11 p.m. | 13 views

GHSA-87CF-J763-VVH8 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

Summary: In the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details: The...

CVSS 8.1 | AI score 8.7 | EPSS 0.00658
Exploits: 1 | References: 3
Github Security Blog
added 2024/10/24 6:11 p.m. | 25 views

OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

Summary: In the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details: The...

CVSS 8.8 | AI score 8.1 | EPSS 0.00658
Exploits: 1 | References: 3 | Affected Software: 1
Fedora
added 2024/10/24 1:20 a.m. | 11 views

[SECURITY] Fedora 39 Update: koji-1.35.1-1.fc39

Koji is a system for building and tracking RPMS. The base package contains shared libraries and the command-line interface...

CVSS 5.4 | AI score 7.1 | EPSS 0.00285
Exploits: 0
Fedora
added 2024/10/19 1:20 a.m. | 10 views

[SECURITY] Fedora 39 Update: oath-toolkit-2.6.12-1.fc39

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open...

CVSS 7.1 | AI score 7.8 | EPSS 0.00341
Exploits: 0
Fedora
added 2024/10/10 2:0 a.m. | 13 views

[SECURITY] Fedora 40 Update: koji-1.35.1-1.fc40

Koji is a system for building and tracking RPMS. The base package contains shared libraries and the command-line interface...

CVSS 5.4 | AI score 6.8 | EPSS 0.00285
Exploits: 0
Fedora
added 2024/09/23 1:2 a.m. | 22 views

[SECURITY] Fedora 39 Update: openssl-3.1.4-4.fc39

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

CVSS 7.5 | AI score 6.9 | EPSS 0.66594
Exploits: 0
Fedora
added 2024/09/21 12:17 a.m. | 29 views

[SECURITY] Fedora 41 Update: openssl-3.2.2-7.fc41

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

CVSS 9.1 | AI score 7.3 | EPSS 0.66594
Exploits: 1
OpenVAS
added 2024/09/17 12:0 a.m. | 10 views

MongoDB Server Library Local Privilege Escalation Vulnerability (SERVER-69507) - Linux

MongoDB is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb";...

CVSS 6.7 | AI score 8.4 | EPSS 0.00203
Exploits: 0 | References: 1
OSV
added 2024/08/31 7:15 a.m. | 11 views

BIT-MONGODB-2024-8207 MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server...

CVSS 6.7 | AI score 6.4 | EPSS 0.00203
Exploits: 0 | References: 3
OSV
added 2024/08/27 12:15 p.m. | 9 views

CVE-2024-8207

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server...

CVSS 6.7 | AI score 6.7
Exploits: 0 | References: 2
Cvelist
added 2024/08/27 11:28 a.m. | 34 views

CVE-2024-8207 MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server...

CVSS 6.4 | EPSS 0.00203
Exploits: 0 | References: 1
Vulnrichment
added 2024/08/27 11:28 a.m. | 16 views

CVE-2024-8207 MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server...

CVSS 6.4 | AI score 6.8 | EPSS 0.00203
Exploits: 0 | References: 1
CVE
added 2024/08/27 11:28 a.m. | 69 views

CVE-2024-8207

CVE-2024-8207 affects MongoDB Server on Linux in highly specific host/system configurations. The underlying issue allows a local attacker with host-level access to cause the MongoDB Server binary to load actor-controlled shared libraries at startup, potentially granting full control over the Mong...

CVSS 6.7 | AI score 6.3 | EPSS 0.00203
Exploits: 0 | References: 2 | Affected Software: 1
MongoDB
added 2024/08/27 10:23 a.m. | 35 views

MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server...

CVSS 6.7 | AI score 6.8 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1
AlpineLinux
added 2024/07/29 3:53 p.m. | 33 views

CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH environment variables while executing, which might lead to arbitrary code execution b...

CVSS 7.8 | AI score 7.7 | EPSS 0.00926
Exploits: 2 | References: 3
Mageia
added 2024/07/01 5:53 p.m. | 14 views

Updated python-imageio packages fix security vulnerability

imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifying whether the correct file was fetched. As a result, if the repository is attacked in the future,...

AI score 7.5
Exploits: 0 | References: 1
OpenVAS
added 2024/05/27 12:0 a.m. | 32 views

Fedora: Security Advisory for glibc (FEDORA-2024-f7ae5df88d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3 | AI score 7 | EPSS 0.8833
Exploits: 16 | References: 2
OpenVAS
added 2024/05/27 12:0 a.m. | 30 views

Fedora: Security Advisory (FEDORA-2024-eafbf519ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3 | AI score 8.4 | EPSS 0.8833
Exploits: 16 | References: 3