26 matches found
SUSE-SU-2026:22069-1 Security update for rpcbind
This update for rpcbind fixes the following issues: Update to rpcbind 1.2.9: Security issue: - Fix several memory leaks and buffer overflows (bsc#1267212). Non-security issue: - rpcbind fails to start tumbleweed snapshot 20181120 (bsc#1117217). Changes: rpcinfo: stack buffer overflow in rpcinfo...
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31979 himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31979
CVE-2026-31979 affects Himmelblau’s daemon (himmelblaud-tasks) running as root. The issue arises prior to 3.1.0 and 2.3.8 where the daemon writes Kerberos cache files under /tmp/krb5cc_ without symlink protections, and after commit 87a51ee PrivateTmp was removed from the systemd hardening, exposi...
PT-2026-24809
Name of the Vulnerable Software and Affected Versions Himmelblau versions prior to 3.1.0 Himmelblau versions prior to 2.3.8 Description Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The himmelblaud-tasks daemon, running as root, writes Kerberos cache files under...
Fedora: Security Advisory (FEDORA-2026-63f333201f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2024:4416-1 Security update for vhostmd
This update for vhostmd fixes the following issues: Updated to version 1.2 - Fix actions using the 'free' command - Fix buffer accounting when generating metric XML - Change actions to retrieve vendor and product info - Add a 'unit' attribute to the metrics element - vif-stats.py: convert to...
PT-2024-41360 · Opensuse +1 · Vhostmd
Name of the Vulnerable Software and Affected Versions: vhostmd versions prior to 1.2 Description: This update for vhostmd addresses issues including fixes for actions using the 'free' command, buffer accounting when generating metric XML, and the 'VirtualizationVendor' action to strip URLs. It al...
Security update for etcd
This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897); CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898); CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)...
SUSE CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
SUSE: Security Advisory (SUSE-SU-2023:0075-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
OPENSUSE-SU-2023:0001-1 Security update for minetest
This update for minetest fixes the following issues: Update to version 5.6.0: Fix CVE-2022-35978 (boo#1202423): Mod scripts can escape sandbox in single player mode. name in game.conf is deprecated for the game title, use title instead. Add depth sorting for node faces. Various bug fixes. Full changes:...
SUSE-SU-2022:3914-1 Security update for vsftpd
This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918)...
PT-2022-37527 · Vsftpd · Vsftpd
Name of the Vulnerable Software and Affected Versions: vsftpd affected versions not specified Description: The issue concerns the removal of unsupported systemd hardening options. No information is provided about the estimated number of potentially affected devices or real-world incidents where...
PT-2022-37528 · Vsftpd · Vsftpd
Name of the Vulnerable Software and Affected Versions: vsftpd affected versions not specified Description: The issue concerns the removal of unsupported systemd hardening options. No information is provided about the estimated number of potentially affected devices worldwide or real-world inciden...
SUSE-SU-2022:3457-1 Security update for vsftpd
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322, jsc#SLE-23896, bsc#1187686, bsc#1187678). - Added hardening to systemd services (bsc#1181400). Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900). -...
SUSE-SU-2022:2139-1 Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with...
SUSE-SU-2022:2134-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go = 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering}...