SUSE-SU-2026:0765-1 Security update for smc-tools

This update for smc-tools fixes the following issues: Update to version 1.8.7 jscPED-14601. Security issues fixed: - VUL-1: smc-tools: predictable /tmp file allows for local denial of service bsc1230052, bsc1258495. Other updates and bugfixes: - smcrnics: fix regression when PFT not available -...

Intego Log Reporter 安全漏洞

Intego Log Reporter is a log collection and analysis tool developed by Intego. There is a security vulnerability in Intego Log Reporter. This vulnerability stems from diagnostic scripts executed with root privileges, which fail to enforce secure directory handling when creating and writing files ...

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVE-2026-25512

CVE-2026-25512 affects Group-Office prior to versions 6.8.150, 25.0.82, and 26.0.5. The vulnerability is an authenticated remote code execution via the /email/message/tnefAttachmentFromTempFile endpoint, where the user-controlled parameter tmp_file is directly concatenated into an exec() call. In...

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVE-2026-23065 platform/x86/amd: Fix memory leak in wbrf_record()

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrfrecord The tmp buffer is allocated using kcalloc but is not freed if acpievaluatedsm fails. This causes a memory leak in the error path. Fix this by explicitly freeing the tmp buffer in th...

CVE-2026-23065

CVE-2026-23065 is a Linux kernel issue affecting the x86/amd platform where a tmp buffer allocated in wbrf_record() is leaked on error in acpi_evaluate_dsm(). The vulnerability’s root cause is a memory leak in the error path, fixed by explicitly freeing the tmp buffer in the error handling path o...

Linux Distros Unpatched Vulnerability : CVE-2026-23065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86/amd: Fix memory leak in wbrfrecord The tmp buffer is allocated using kcalloc but is not freed if acpievaluatedsm fails. This causes a memory leak i...

PT-2026-5652

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.4.0 Description A flaw exists in mlflow version 2.20.3 where the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This allows an attacker with...

CVE-2026-24347 Arbitrary file write to /tmp directory in EZCast Pro II Dongle

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...

PT-2026-4906

Name of the Vulnerable Software and Affected Versions EZCast Pro II version 1.17478.146 Description A flaw exists in the Admin UI that does not properly validate input. This allows attackers to manipulate files within the /tmp directory. Recommendations Update to a newer version that contains a f...

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

PT-2026-3823

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

MiracleLinux 3 : sysstat-7.0.2-11.0.1.AXS3 (AXSA:2011-321:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-321:01 advisory. This package provides the sar and iostat commands for Linux. Sar and iostat enable system monitoring of disk, network, and other IO activity. Security issues...