Lucene search

17 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-43211

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.9 | EPSS 0.02162
Exploits 0 | References 2

SUSE Linux
added 2025/03/26 12:50 p.m. | 1 view

Security update for proftpd

This update for proftpd fixes the following issues: CVE-2024-57392: Fixed null pointer dereference vulnerability by sending a maliciously crafted message (bsc#1238143). CVE-2024-48651: Fixed supplemental group inheritance granting unintended access to GID 0 (bsc#1238141). Patch Instructions: To install...

CVSS 8.2 | AI score 6.8 | EPSS 0.02162
Exploits 0 | References 8

OSV
added 2025/01/20 6:21 p.m. | 8 views

MGASA-2025-0015 Updated proftpd packages fix security vulnerability

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. CVE-2024-48651...

CVSS 7.5 | AI score 7.4 | EPSS 0.02162
Exploits 0 | References 3

OSV
added 2024/11/29 5:15 a.m. | 11 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 3

CNNVD
added 2024/11/29 12:0 a.m. | 4 views

ProFTPD security vulnerability

ProFTPD is a highly configurable open source FTP server software suite. A security vulnerability exists in ProFTPD version 1.3.8b, which stems from the lack of supplemental groups from mod_sql, so that supplemental group inheritance grants unintended access to GID 0...

CVSS 7.5 | AI score 8.9 | EPSS 0.02162
Exploits 0 | References 2

Cvelist
added 2024/11/29 12:0 a.m. | 275 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

EPSS 0.02162
Exploits 0 | References 2

CNNVD
added 2023/02/16 12:0 a.m. | 1 view

containerd security vulnerability

containerd is an industry-standard open source container runtime. A security vulnerability exists in containerd version 1.6.x prior to 1.6.18 and version 1.5.x prior to 1.5.18. The vulnerability stems from supplemental groups not being properly set up within a container, and an...

CVSS 7.8 | AI score 7 | EPSS 0.00542
Exploits 1 | References 26

CNNVD
added 2022/09/13 12:0 a.m. | 1 view

Podman security vulnerability

Podman is an engine for developing, managing and running OCI containers on Linux systems. A security vulnerability exists in the Podman container engine, which stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access right...

CVSS 7.1 | AI score 6.6 | EPSS 0.00298
Exploits 1 | References 14

CNNVD
added 2022/09/09 12:0 a.m. | 2 views

Moby security vulnerability

Moby is an open source project of Moby Open Source. It aims to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in versions prior to Moby 20.10.18 that stems from incorrect supplemental group settings. An attacker could use...

CVSS 6.3 | AI score 7.3 | EPSS 0.0076
Exploits 0 | References 14

Veracode
added 2020/04/10 1:5 a.m. | 33 views

Privilege Escalation

qemu-kvm is vulnerable to privilege escalation. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line "/usr/libexec/qemu-kvm" with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain...

CVSS 2.1 | AI score 2.1 | EPSS 0.00435
Exploits 0 | References 19 | Affected Software 1

OpenVAS
added 2015/02/27 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-2517-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7 | EPSS 0.05489
Exploits 4 | References 2

Tenable Nessus
added 2015/02/27 12:0 a.m. | 49 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS 7.8 | AI score 7 | EPSS 0.05489
Exploits 4 | References 13

Tenable Nessus
added 2015/02/27 12:0 a.m. | 43 views

Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS 7.8 | AI score 7 | EPSS 0.05489
Exploits 4 | References 13

Ubuntu
added 2015/02/26 11:31 a.m. | 77 views

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS 7.8 | AI score 6.8 | EPSS 0.05489
Exploits 4

Ubuntu
added 2015/02/26 11:22 a.m. | 72 views

USN-2516-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS 7.8 | AI score 6.8 | EPSS 0.05489
Exploits 4

Ubuntu
added 2015/02/26 11:18 a.m. | 74 views

USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS 7.8 | AI score 6.8 | EPSS 0.05489
Exploits 4

RedHat Linux
added 2001/06/12 8:23 p.m. | 5 views

Important: Red Hat Security Advisory: LPRng fails to drop supplemental group membership

When LPRng drops uid and gid, it fails to drop membership in its supplemental groups. LPRng fails to drop supplemental group membership at init time, though it does properly setuid and setgid. The result is that LPRng, and its children, maintain any supplemental groups that the process starting...

CVSS 4.6 | AI score 5.8 | EPSS 0.00717
Exploits 0 | References 1