23 matches found
Astra Linux - уязвимость в cloud-init
In cloud-init through 25.1.2, the systemd socket unit cloud-init-hotplugd.socket is included, with a default SocketMode of 0666, allowing world-write permissions. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. A non-privileged user can trigger hotplug-hook commands...
EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2025-2221)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...
EUVD-2023-57909
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-5616
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for...
Linux Distros Unpatched Vulnerability : CVE-2024-11584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it...
Azure Linux 3.0 Security Update: cloud-init (CVE-2024-11584)
The version of cloud-init installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11584 advisory. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default...
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.
...
SUSE CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
UBUNTU-CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
CVE-2024-11584
CVE-2024-11584 affects cloud-init up to 25.1.2 where the systemd socket unit cloud-init-hotplugd.socket uses 0666 permissions, making the /run/cloud-init/hook-hotplug-cmd FIFO world-writable. This enables an unprivileged user to trigger hotplug-hook commands. The connected Nessus advisories confi...
CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
CVE-2023-5616
A flaw was found in the GNOME Control Center. This vulnerability allows the SSH service to be improperly enabled without properly managing systemd units, which could unintentionally expose remote login access through insecure service activation management. Mitigation Mitigation for this issue is...
CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...
CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...
CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...
CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...
USN-6554-1 gnome-control-center vulnerability
Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation...
UBUNTU-CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...
CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...