CUPS: Local denial-of-service via cupsd.conf update and related issues
A flaw was found in CUPS. A user in the group defined by the SystemGroup directive in /etc/cups/cups-files.conf can use the CUPS web UI to change the config and insert a malicious line. The cupsd process, which runs as root, will then parse the new config and cause an out-of-bound write...
EUVD-2010-3403
Malware in sbrugna...
EUVD-2010-3404
Malware in sbrugna...
PT-2025-46636
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel driver for mailbox communication on ZynqMP-IPI systems had an issue where it incorrectly identified SGI (System Group Interrupt) versus SPI (System Peripheral Interrupt)...
CVE-2024-6523
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input leads to cross site scripting. It is possible to launch the attack...
CVE-2024-6523
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input alert'XSS' leads to cross site scripting. It is possible to launch the...
ZKTeco BioTime Security Breach
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime version 9.5.2 and earlier versions, which is caused by a cross-site scripting vulnerability in the user parameter of system-group-add...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open source content management system (CMS) from China's Desdev Network (Desdev). The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery vulnerability...
SUSE CVE-2023-52643
In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iio_device_register_sysfs. When iio_device_register_sysfs_group fails, we should free iio_dev_opaque->chan_attr_group.attrs to prevent potential memleak...
CVE-2023-47579
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system...
CVE-2023-47579
CVE-2023-47579 affects Relyum RELY-PCIe devices (version 22.2.1). The root cause is a system group misconfiguration that permits read access to the operating system’s central password hash file. Public sources in the connected documents consistently describe an information disclosure risk but do ...
Relyum RELY-PCIe Security Vulnerability
The Relyum RELY-PCIe is an intelligent pluggable board from Relyum Spain. A security vulnerability exists in Relyum RELY-PCIe version 22.2.1 that originates from a system group misconfiguration. An attacker could exploit the vulnerability to gain read access to the operating system's central...
PT-2023-30514 · Relyum · Rely-Pcie
Name of the Vulnerable Software and Affected Versions: Relyum RELY-PCIe version 22.2.1 Description: The issue is related to a system group misconfiguration in Relyum RELY-PCIe devices, which allows read access to the central password hash file of the operating system. Recommendations: For Relyum...
SUSE CVE-2009-0034
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...
SUSE CVE-2016-3079
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...
SUSE-SU-2017:2964-1 Security update for SUSE Manager Server 3.0
This update fixes the following issues: nutch: - Log Hadoop into proper log dir (bsc#1061574): change-default-log-location.patch salt-netapi-client: See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.13.0 spacecmd: - Configchannel export binary flag to json (bsc#1044719) spacewalk: - Suppo...
SUSE-SU-2017:1626-1 Security update for sudo
This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was...
CVE-2016-3079
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...