Lucene search
K

18 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/01/27 12:0 a.m.7 views

Security update for php8 (moderate)

openSUSE security update: security update for php8 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20113-1 Rating: moderate References: bsc1255043 bsc1255710 bsc1255711 bsc1255712 Cross-References: CVE-2025-14177 CVE-2025-14178 CVE-2025-14180 CVSS...

8.3CVSS6AI score0.00573EPSS
Exploits4References4
OSV
OSV
added 2026/01/26 12:37 p.m.5 views

OPENSUSE-SU-2026:20113-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...

8.2CVSS6AI score0.00573EPSS
Exploits4References7
OSV
OSV
added 2026/01/26 12:36 p.m.3 views

SUSE-SU-2026:20146-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...

8.2CVSS6AI score0.00573EPSS
Exploits4References8
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.4 views

CVE-2025-53880

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.7CVSS6.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 11:15 a.m.6 views

CVE-2025-53880

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.7CVSS0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 10:31 a.m.1 views

CVE-2025-53880 susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.7CVSS6.6AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 10:31 a.m.5 views

EUVD-2025-36998

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.7CVSS6.5AI score0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 10:31 a.m.8 views

CVE-2025-53880 susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.7CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2025/10/30 10:31 a.m.15 views

CVE-2025-53880

CVE-2025-53880 is a path-traversal vulnerability in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can write or delete files on the filesystem with the wwwrun user’s privileges. The endpoint is unauthenticated but access is limited to a list of allowed IPs....

8.7CVSS6.5AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

SUSE多款产品 安全漏洞

SUSE Manager and SUSE Manager Server are both products of SUSE Germany.SUSE Manager is a Linux server management system. The system provides automated software management, system configuration, and monitoring.SUSE Manager Server is an infrastructure management solution designed to simplify and...

8.7CVSS6.4AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.5 views

PT-2025-44397

Name of the Vulnerable Software and Affected Versions tftpsync affected versions not specified Description A path traversal flaw exists in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can potentially write or delete files on the filesystem with the...

8.7CVSS6.5AI score0.00264EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/10/29 12:24 a.m.4 views

SUSE CVE-2025-53880

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.8CVSS7AI score0.00264EPSS
Exploits0References7
CNVD
CNVD
added 2018/03/02 12:0 a.m.5 views

Micro Focus openSUSE NextCloud Elevation of Privilege Vulnerability

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the U.K. NextCloud is a private cloud building software used in it. A security vulnerability exists in NextCloud in Micro Focus openSUSE, which stems from the program failing to securely use /srv/www/htdocs. During a...

9CVSS6.9AI score0.01202EPSS
Exploits0References1
OSV
OSV
added 2018/03/01 8:29 p.m.5 views

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

8.8CVSS5.8AI score0.01202EPSS
Exploits0References3
NVD
NVD
added 2013/12/06 5:55 p.m.23 views

CVE-2013-1090

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

7.2CVSS6.6AI score0.00394EPSS
Exploits0References2
Prion
Prion
added 2013/12/06 5:55 p.m.19 views

Buffer overflow

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

7.2CVSS7.1AI score0.00394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/12/06 5:0 p.m.22 views

CVE-2013-1090

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

6.6AI score0.00394EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2013/12/06 5:0 p.m.26 views

CVE-2013-1090

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

7.2CVSS6.5AI score0.00394EPSS
Exploits0
Rows per page
Query Builder