4721 matches found
PocketBook InkPad Color 3 Security Vulnerability
PocketBook InkPad Color 3 is a waterproof e-reader with a color display from PocketBook. It is used for reading eBooks, playing audiobooks, and more. A security vulnerability exists in the PocketBook InkPad Color 3 U743k version 3.6.8.3671, which stems from a misconfiguration of Sudo permissions...
Linux Distros Unpatched Vulnerability : CVE-2019-19232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not...
Linux Distros Unpatched Vulnerability : CVE-2019-19234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered,...
Linux Distros Unpatched Vulnerability : CVE-2016-7076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a use...
Linux Distros Unpatched Vulnerability : CVE-2005-4890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via su - user -c program. The user session can be escaped to the parent...
Advisory ROSA-SA-2025-2719
Software: sudo 1.9.5p2 OS: ROSA Virtualization 3.0 packageevrstring: sudo-1.9.5p2-1 CVE-ID: CVE-2021-3156 BDU-ID: 2021-00364 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parseargs function of the Sudo system administration program is related to a buffer overflow in dynamic memory. Exploitatio...
SUSE-SU-2025:20224-1 Security update for cloud-regionsrv-client, python-toml
This update for cloud-regionsrv-client, python-toml contains the following fixes: cloud-regionsrv-client: - Update to 10.3.11 bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.9: bsc1234050 + Send registration code for the extensions, not only base...
Security update for cloud-regionsrv-client
This update for cloud-regionsrv-client contains the following fixes: Update to 10.3.11 bsc1234050 Send registration code for the extensions, not only base product Update to 10.3.9: bsc1234050 Send registration code for the extensions, not only base product Update to 10.3.8: bsc1233333 Fix the...
SUSE-SU-2025:20123-1 Security update for cloud-regionsrv-client
This update for cloud-regionsrv-client contains the following fixes: - Update to 10.3.11 bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.9: bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.8: bsc1233333 +...
CVE-2020-11069
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...
CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
PT-2025-1537
Name of the Vulnerable Software and Affected Versions Prusa PrusaSlicer versions prior to 2.6.2 Description A crafted 3mf project file can lead to arbitrary code execution on a host system during the process of slicing the project and exporting G-code. This issue occurs within the PostProcessor.c...
SUSE: Security Advisory (SUSE-SU-2024:4389-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : sudo (SUSE-SU-2024:4389-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4389-1 advisory. - CVE-2021-3156: Fixed regression in CVE bsc1234371 Tenable has extracted the preceding description block directly from the SUSE security advisory. Not...
Security update for sudo
This update for sudo fixes the following issues: CVE-2021-3156: Fixed regression in CVE bsc1234371 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product:...
SUSE-SU-2024:4389-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2021-3156: Fixed regression in CVE bsc1234371...
Granular sudo Permissions for Installing Veeam Plug-ins for Enterprise Applications using Protection Groups
Challenge This article provides an example granular 'sudoer' configuration for the Linux account that will be used by Veeam Backup & Replication when installing Veeam Plug-Ins for Enterprise Applications using a Protection Group, specifically for Veeam Plug-in for Oracle RMAN and Veeam Plug-in fo...
CVE-2024-28139
The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...
CVE-2024-28139
The CVE-2024-28139 issue involves the www-data user gaining root privileges because sudo is configured to permit the mount command to run as root without a password. This is a privilege escalation via sudo misconfiguration, not a flaw in a specific application feature. The current narrative acros...
CVE-2024-28139 Privilege escalation through sudo misconfiguration
The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...