18 matches found
Security update for php8 (moderate)
openSUSE security update: security update for php8 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20113-1 Rating: moderate References: bsc1255043 bsc1255710 bsc1255711 bsc1255712 Cross-References: CVE-2025-14177 CVE-2025-14178 CVE-2025-14180 CVSS...
OPENSUSE-SU-2026:20113-1 Security update for php8
This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...
SUSE-SU-2026:20146-1 Security update for php8
This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...
CVE-2025-53880
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
CVE-2025-53880
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
CVE-2025-53880 susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
EUVD-2025-36998
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
CVE-2025-53880 susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
CVE-2025-53880
CVE-2025-53880 is a path-traversal vulnerability in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can write or delete files on the filesystem with the wwwrun user’s privileges. The endpoint is unauthenticated but access is limited to a list of allowed IPs....
SUSE多款产品 安全漏洞
SUSE Manager and SUSE Manager Server are both products of SUSE Germany.SUSE Manager is a Linux server management system. The system provides automated software management, system configuration, and monitoring.SUSE Manager Server is an infrastructure management solution designed to simplify and...
PT-2025-44397
Name of the Vulnerable Software and Affected Versions tftpsync affected versions not specified Description A path traversal flaw exists in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can potentially write or delete files on the filesystem with the...
SUSE CVE-2025-53880
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
Micro Focus openSUSE NextCloud Elevation of Privilege Vulnerability
Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the U.K. NextCloud is a private cloud building software used in it. A security vulnerability exists in NextCloud in Micro Focus openSUSE, which stems from the program failing to securely use /srv/www/htdocs. During a...
CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...
CVE-2013-1090
The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...
Buffer overflow
The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...
CVE-2013-1090
The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...
CVE-2013-1090
The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...