
82 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in systemd

Before version 247, systemd does not properly prevent local privilege escalation for certain Sudo configurations. For example, plausible sudoers files may allow the execution of the “systemctl status” command. Specifically, systemd does not set LESSSECURE to 1, allowing other programs to be...

7.8 CVSS | 6.8 AI score | 0.05624 EPSS
Exploits 4 | References 2
Tenable Nessus
added 2026/01/24 12:0 a.m. | 5 views

SUSE SLES16 : Security update of open-vm-tools (SUSE-SU-2026:20100-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20100-1 advisory. Update to open-vm-tools 13.0.5 based on build 24915695. boo1250692: Please refer to the Release Notes at...

7.8 CVSS | 5.6 AI score | 0.00529 EPSS
Exploits 3 | References 5
OSV
added 2026/01/20 11:0 a.m. | 1 views

SUSE-SU-2026:20100-1 Security update of open-vm-tools

This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. boo1250692: Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools...

7.8 CVSS | 5.8 AI score | 0.00529 EPSS
Exploits 3 | References 4
OSV
added 2026/01/20 11:0 a.m. | 2 views

SUSE-SU-2026:20114-1 Security update of open-vm-tools

This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. boo1250692: Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools...

7.8 CVSS | 6.2 AI score | 0.00529 EPSS
Exploits 3 | References 4
SUSE Linux
added 2025/10/17 12:3 p.m. | 5 views

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. bsc1250692: Please refer to the Release Notes at: https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tool...

8.5 CVSS | 6.9 AI score | 0.00529 EPSS
Exploits 3 | References 6
OSV
added 2025/10/17 11:57 a.m. | 1 views

SUSE-SU-2025:20853-1 Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. bsc1250692: Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools...

7.8 CVSS | 5.8 AI score | 0.00529 EPSS
Exploits 3 | References 4
RedhatCVE
added 2025/05/22 8:37 p.m. | 0 views

CVE-2021-35064

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...

10 CVSS | 7.4 AI score | 0.89527 EPSS
Exploits 5 | References 1
SUSE Linux
added 2024/11/18 1:25 p.m. | 2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

7.5 CVSS | 7.8 AI score | 0.07521 EPSS
Exploits 3 | References 66
Cloud Foundry
added 2024/07/25 12:0 a.m. | 7 views

USN-6851-2: Netplan regression | Cloud Foundry

Severity: Unknown. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: USN-6851-1 fixed vulnerabilities in Netplan. The update led to the discovery of a regression in netplan which caused systemctl enable to fail on systems where systemd is not running. This update fixes t...

8 AI score
Exploits 0 | Affected Software 3
RedhatCVE
added 2024/03/27 5:56 p.m. | 46 views

CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

8.8 CVSS | 8.8 AI score | 0.00445 EPSS
Exploits 0 | References 3
OSV
added 2024/03/15 9:15 p.m. | 9 views

CVE-2021-47119

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super. Buffer head references must be released before calling kill_bdev; otherwise the buffer head and its page referenced by b_data will not be freed by kill_bdev, and subsequently that bh will be...

5.5 CVSS | 6.8 AI score
Exploits 0 | References 3
RedHat Linux
added 2024/03/05 4:26 p.m. | 1 views

systemd: privilege escalation via the less pager

A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to ...

7.8 CVSS | 7.2 AI score | 0.05624 EPSS
Exploits 4 | References 7
Tenable Nessus
added 2023/09/07 12:0 a.m. | 18 views

Oracle Linux 7 : polkit (ELSA-2019-2046)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2046 advisory. - Mitigation of regression caused by fix of CVE-2018-19788 - Fix of CVE-2019-6133, PID reuse via slow fork - Fix of CVE-2018-19788, priv escalation with high UI...

9 CVSS | 6.9 AI score | 0.59639 EPSS
Exploits 1 | References 2
RedHat Linux
added 2023/06/27 3:6 p.m. | 4 views

systemd: privilege escalation via the less pager

A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to ...

7.8 CVSS | 7.2 AI score | 0.05624 EPSS
Exploits 4 | References 7
Rockylinux
added 2023/04/06 3:53 p.m. | 18 views

ipset bug fix and enhancement advisory

An update is available for ipset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The ipset packages provide the ipset utility and the ipset service to manage IP...

6.5 AI score
Exploits 0
OSV
added 2023/03/17 11:5 a.m. | 0 views

OESA-2023-1167 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed...

7.8 CVSS | 7 AI score | 0.05624 EPSS
Exploits 4 | References 2
Microsoft CVE
added 2023/03/11 8:0 a.m. | 1 views

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations e.g. plausible sudoers files in which the "systemctl status" command may be executed. Specifically systemd does not set LESSSECURE to 1 and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo because less executes as root when the terminal size is too small to show the complete systemctl output.

...

7.8 CVSS | 6.5 AI score | 0.05624 EPSS
Exploits 4
Veracode
added 2023/03/09 9:2 p.m. | 33 views

Privilege Escalation

systemd is vulnerable to Privilege Escalation. The vulnerability occurs because systemd does not set 'LESSSECURE' to 1 and due to this programs can be launched from the less program without privileges. This can be exploited when running systemctl from Sudo, since less executes as root when the...

7.8 CVSS | 7.3 AI score | 0.05624 EPSS
Exploits 4 | References 8 | Affected Software 1
SUSE CVE
added 2023/03/07 3:13 a.m. | 1 views

SUSE CVE-2023-26604

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less...

7.8 CVSS | 7.1 AI score | 0.05624 EPSS
Exploits 4 | References 10
RedhatCVE
added 2023/03/06 6:59 a.m. | 50 views

CVE-2023-26604

A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to ...

7.1 CVSS | 7.4 AI score | 0.05624 EPSS
Exploits 4 | References 6