
20 matches found

OSV
added 2026/04/22 5:14 p.m., 0 views

SUSE-SU-2026:21336-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues. The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

CVSS 7.8, AI score 5.6, EPSS 0.00033
Exploits 0, References 5

OSV
added 2026/04/22 4:53 p.m., 1 views

SUSE-SU-2026:21325-1 Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues. The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

CVSS 7.8, AI score 5.6, EPSS 0.00033
Exploits 0, References 5

Cvelist
added 2026/03/16 5:2 p.m., 22 views

CVE-2026-4253 Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in OS command injection. It is possible to launch the attack...

CVSS 5.8, EPSS 0.00441
Exploits 1, References 5

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000959)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000959 advisory. A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel befor...

CVSS 6.5, AI score 7.4, EPSS 0.00565
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-17854

Malware in sbrugna...

CVSS 8.3, AI score 8.4, EPSS 0.00494
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-1999-1339

Malware in sbrugna...

CVSS 4.6, AI score 6.4, EPSS 0.00167
Exploits 0, References 3

OpenVAS
added 2025/05/07 12:0 a.m., 3 views

Ensure That All Groups Exist in /etc/passwd

All user groups in /etc/passwd must exist in the /etc/group file. If the administrator manually modifies the two files, the user groups may be incorrectly set due to human errors. If a user group in /etc/passwd does not exist in /etc/group, risks of user group permission management may occur...

AI score 6.8
Exploits 0, References 4

Imperva Blog
added 2022/09/30 12:55 p.m., 14 views

The 5-Question Test to Assess Your Readiness to Manage Insider Threats

An insider threat is a cyber security risk that originates from within any organization that is being targeted by attackers. Often, insider threats involve a current or former employee, or business associate, who has access to sensitive information or privileged accounts, and who misuses this...

AI score 7.2
Exploits 0

NVD
added 2021/12/27 10:15 p.m., 15 views

CVE-2021-43858

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the...

CVSS 8.8, EPSS 0.53117
Exploits 3, References 5

Prion
added 2021/12/27 10:15 p.m., 36 views

Design/Logic Flaw

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the...

CVSS 6.5, AI score 8.5, EPSS 0.53117
Exploits 3, References 5, Affected Software 1

Citrix
added 2021/04/29 12:0 a.m., 5 views

Cannot Connect Session Previously Disconnected From Receiver Linux

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. When the user tries to reconnect the session that was previously disconnected for Linux from Citrix...

AI score 7
Exploits 0

CNVD
added 2017/12/28 12:0 a.m., 1 views

Synology MailPlus Server Cross-Site Scripting Vulnerability

Synology MailPlus Server is a mail server solution for businesses. A cross-site scripting vulnerability exists in the User Policy editor in Synology MailPlus Server. A remote authenticated user can exploit the vulnerability to inject arbitrary HTML via the name parameter...

CVSS 4.8, AI score 6, EPSS 0.00184
Exploits 0, References 1

NVD
added 2017/12/27 5:29 p.m., 9 views

CVE-2017-16768

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter...

CVSS 4.8, AI score 4.8, EPSS 0.00184
Exploits 0, References 1

Prion
added 2017/12/27 5:29 p.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter...

CVSS 3.5, AI score 4.7, EPSS 0.00184
Exploits 0, References 1, Affected Software 1

OSV
added 2017/12/27 5:29 p.m., 2 views

CVE-2017-16768

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter...

CVSS 4.8, AI score 5.9
Exploits 0, References 1

Cvelist
added 2017/12/27 5:0 p.m., 15 views

CVE-2017-16768

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter...

AI score 4.8, EPSS 0.00184
Exploits 0, References 1

OSV
added 2017/08/07 6:29 a.m., 2 views

CVE-2017-6747

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...

CVSS 9.8, AI score 5.8
Exploits 0, References 2

OSV
added 2017/07/24 7:29 a.m., 8 views

CVE-2017-11600

net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an...

CVSS 7, AI score 7.1
Exploits 0, References 9

Cvelist
added 2017/05/23 3:56 a.m., 16 views

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

AI score 8.3, EPSS 0.00494
Exploits 0, References 3

Packet Storm
added 1999/08/17 12:0 a.m., 46 views

nt.system.policies.txt

Date: Wed, 3 Feb 1999 22:41:52 -0000 From: mnemonix To: [email protected] Subject: Inherent weaknesses in NT system policies There are certain key vulnerabilities in NT's System Policies that allow most restrictions to be by-passed. For instance, although Registry Editing tools can be disabled...

AI score 7.4
Exploits 0