1678 matches found
PT-2026-29378
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)
Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...
EulerOS Virtualization 2.12.0 : libvirt (EulerOS-SA-2026-1527)
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...
EulerOS Virtualization 2.12.1 : libvirt (EulerOS-SA-2026-1470)
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...
CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
CVE-2026-30785
RustDesk Client (through version 1.4.5) is affected by CVE-2026-30785 due to a vulnerability described as Prototype Pollution and weak password hashing in the password_security, config, and machine-uid-related code paths (hbb_common and related modules). The issue can allow Retrieve Embedded Sens...
EUVD-2026-9789
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
CVE-2026-29128 IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
CVE-2026-29128 IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
CVE-2026-29128
The CVE-2026-29128 entry affects IDC SFX2100 Satellite Receiver firmware. Daemon configuration files (zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) are owned by root but world-readable, containing hardcoded or insecure plaintext passwords (including enable/privileged credentials). A remote attack...
PT-2026-23134
Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver affected versions not specified Description The IDC SFX2100 Satellite Receiver firmware includes daemon configuration files zebra, bgpd, ospfd, and ripd owned by root but accessible to all users. These files...
CVE-2026-25137
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
PT-2026-5726
Name of the Vulnerable Software and Affected Versions Odoo versions 21.11 through 25.10 Odoo versions 26.05 Description The NixOS Odoo package, an open source ERP and CRM system, exposes the database manager without authentication. This allows unauthorized actors to delete and download the entire...
Azure Linux 3.0 Security Update: rpm-ostree (CVE-2024-2905)
The version of rpm-ostree installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2905 advisory. - A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in...
MiracleLinux 8 : rear-2.6-11.el8_9.ML.1 (AXSA:2024-7666:06)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7666:06 advisory. rear: creates a world-readable initrd CVE-2024-23301 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : rpm-ostree-2024.3-3.el9_4 (AXSA:2024-8423:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8423:04 advisory. rpm-ostree: world-readable /etc/shadow file 9.4.z JIRA:RHEL-31852 CVE-2024-2905 A security vulnerability has been discovered within rpm-ostree, pertaining to...
MiracleLinux 9 : rear-2.6-21.el9_3.ML.1 (AXSA:2024-7585:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7585:02 advisory. rear: creates a world-readable initrd CVE-2024-23301 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : dotnet3.1-3.1.118-1.el8.ML.1 (AXSA:2021-2354:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2354:08 advisory. dotnet: ASP.NET Core WebSocket frame processing DoS CVE-2021-26423 dotnet: Dump file created world-readable CVE-2021-34485 dotnet: ASP.NET Core JWT...