66 matches found
grub2 security update
2.12-29.0.1.el101.2 - efinet: Close and reopen card on failure Orabug: 37808688 - Update grub2 dependencies to match new Secure Boot certificate chain of trust Orabug: 37766761 - Fix typo in SBAT metadata Orabug: 37693946 - Allow installation of grub2 only with shim-aa64 that allows booting it...
Oracle Linux 9 : python3.9 (ELSA-2025-23342)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23342 advisory. 3.9.25-2.0.1 - Remove upstream URL reference 3.9.25-2 - Move sysconfigdatadlinux.py to the debug subpackage 3.9.25-1 - Update to Python 3.9.25 3.9.24-...
CVE-2025-65233
Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...
CVE-2025-65233
CVE-2025-65233 affects SLiMS (slims9_bulian) prior to 9.6.0. The vulnerability is a reflected XSS in index.php/sysconfig.inc.php caused by improper handling of $_SERVER['PHP_SELF'], allowing remote attackers to trigger arbitrary JavaScript in victims’ browsers via a crafted URL path. Data in conn...
EUVD-2011-4125
Malware in sbrugna...
Chanjet CRM injection vulnerability
Chanjet CRM is a customer relationship management system from China's Chanjet company. An injection vulnerability exists in Chanjet CRM version 1.0, which is caused by incorrect manipulation of the parameter gblOrgID in the file /sysconfig/departmentsetting.php, resulting in SQL injection...
Do Not Configure the Encryption Algorithm Overwriting Policy for the SSH Service
The configuration files of the SSH encryption algorithms are /etc/ssh/sshd_config and /etc/sysconfig/sshd. When the SSH service is running, you can edit the /etc/sysconfig/sshd file to overwrite the encryption algorithm policy. If the encryption algorithm overwriting policy is configured, users ar...
PT-2025-19693 · Opensuse · Etcd
This update for etcd fixes the following issues: Security Update to version 3.5.18: Ensure all goroutines created by StartEtcd to exit before closing the errc mvcc: restore tombstone index if it's first revision Bump go toolchain to 1.22.11 Avoid deadlock in etcd.Close when stopping during...
CVE-2025-0484
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfigdoedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit h...
PT-2025-3914 · Fanli2012 · Native-Php-Cms
Name of the Vulnerable Software and Affected Versions: Fanli2012 native-php-cms version 1.0 Description: A critical issue affects the processing of the file /fladmin/sysconfig doedit.php in the Backend component, leading to improper authorization. The attack can be initiated remotely...
native-php-cms security vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from the parameter info in the file /fladmin/sysconfigdoedit.php that can lead to cross-site scripting attacks...
native-php-cms security vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in native-php-cms version 1.0, which originates from improper authorization in the file /fladmin/sysconfigdoedit.php in the Backend component...
CVE-2024-55516
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /uploadsysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissio...
SUSE-SU-2024:3266-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...
OPENSUSE-SU-2024:10310-1 sysconfig-0.84.0-2.1 on GA media
These are all security issues fixed in the sysconfig-0.84.0-2.1 package on the GA media of openSUSE Tumbleweed...
Updated docker packages fix security vulnerabilities and bugs
This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage - Fix CVE-2023-26054 and CVE-2023-28840-2...
SUSE CVE-2016-6325
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group...
CLSA-2023-1689701064 Fix CVE(s): CVE-2021-3737
SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3737.patch: Fix http client infinite line reading DoS after a HTTP 100 continue in Lib/httplib.py, Lib/test/testhttplib.py. - CVE-2021-3737 take building tests into account, fix failed tests - debian/patches/expat-regression.patch: fix...
SUSE CVE-2011-4182
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1...
SUSE CVE-2018-14722
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, thou...