Lucene search

45 matches found

OSV
added 2025/10/09 2:42 p.m. | 1 views

SUSE-SU-2025:20844-1 Security update for aaa_base

This update for aaa_base fixes the following issues: Update to version 84.87+git20240906.742565b: yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763); Avoid unnecessary /bin/bash dependency; sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117); Update to version...

5.8 AI score
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-6326

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00237 EPSS
Exploits 0 | References 3
RedhatCVE
added 2025/05/22 4:34 a.m. | 3 views

CVE-2019-15325

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not...

7.5 CVSS | 6.8 AI score | 0.00237 EPSS
Exploits 0 | References 1
OSV
added 2025/02/21 1:37 p.m. | 1 views

OESA-2025-1178 elfutils security update

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, elflint to check for well-formed ELF file...

7.8 CVSS | 6 AI score | 0.00142 EPSS
Exploits 5 | References 7
OSV
added 2025/02/21 1:37 p.m. | 1 views

OESA-2025-1177 elfutils security update

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, elflint to check for well-formed ELF file...

7.8 CVSS | 6.3 AI score | 0.00142 EPSS
Exploits 4 | References 5
OSV
added 2023/07/29 11:5 a.m. | 1 views

OESA-2023-1445 elfutils security update

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, elflint to check for well-formed ELF files and elfcompress to compress or decompress...

5.5 CVSS | 6.6 AI score | 0.0002 EPSS
Exploits 1 | References 2
vulnersOsv
added 2022/05/14 12:54 a.m. | 1 views

org.apache.struts:struts2-assembly (>=2.3.1.1 <=2.3.28.1), org.apache.struts:struts2-rest-showcase (>=2.3.1.1 <=2.3.28.1) +2 more potentially affected by CVE-2016-4438 via org.apache.struts:struts2-rest-plugin (>=2.3.1.1 <=2.3.28.1)

org.apache.struts:struts2-rest-plugin MAVEN version =2.3.1.1, =2.3.1.1, =2.3.1.1, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2016-4438 Source advisory: OSV:GHSA-4PRJ-VW9J-V6PR...

9.8 CVSS | 7.2 AI score | 0.62087 EPSS
Exploits 2
Openbugbounty
added 2022/04/26 10:17 p.m. | 16 views

yama-rin.jp Cross Site Scripting vulnerability OBB-2560828

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0
UbuntuCve
added 2021/05/28 1:15 p.m. | 21 views

CVE-2010-3843

The GTK version of ettercap uses a global settings file at /tmp/.ettercapgtk and does not verify ownership of this file. When parsing this file for settings in gtkuiconfread src/interfacesgtk/ecgtkconf.c, an unchecked sscanf call allows a maliciously placed settings file to overflow a...

7.8 CVSS | 7.2 AI score | 0.00054 EPSS
Exploits 0 | References 1
OSV
added 2020/10/30 7:10 p.m. | 14 views

GHSA-FW5Q-J9P4-3VXG Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

7.7 CVSS | 8.2 AI score | 0.00592 EPSS
Exploits 0 | References 4
Github Security Blog
added 2020/10/30 7:10 p.m. | 28 views

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

8.7 CVSS | 2.2 AI score | 0.00592 EPSS
Exploits 0 | References 5 | Affected Software 1
UbuntuCve
added 2019/11/12 3:15 p.m. | 26 views

CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling...

7.8 CVSS | 7.1 AI score | 0.00107 EPSS
Exploits 0 | References 1
0day.today
added 2019/09/02 12:0 a.m. | 48 views

ptrace Sudo Token Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system, in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit...

1.2 AI score
Exploits 0
Packet Storm
added 2019/09/02 12:0 a.m. | 294 views

ptrace Sudo Token Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ptrace Sudo Token Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by blindly injecting into the session...

0.7 AI score
Exploits 0
OSV
added 2019/08/22 8:15 p.m. | 2 views

CVE-2019-15325

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not...

7.5 CVSS | 7.1 AI score
Exploits 0 | References 2
Metasploit
added 2019/04/30 9:54 p.m. | 55 views

ptrace Sudo Token Privilege Escalation

This module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system, in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This...

1 AI score
Exploits 0
vulnersOsv
added 2018/10/16 7:37 p.m. | 1 views

org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.33), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.3.33) +5 more potentially affected by CVE-2017-9805 via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.3.33)

org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.1.2, =2.0-RC2.3, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2017-9805 Source advisory: OSV:GHSA-GG9M-FJ3V-R58C...

8.1 CVSS | 7 AI score | 0.94322 EPSS
Exploits 23
Tenable Nessus
added 2014/05/02 12:0 a.m. | 55 views

Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2191-1)

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,...

10 CVSS | 7.7 AI score | 0.11906 EPSS
Exploits 0 | References 23
Tenable Nessus
added 2014/05/01 12:0 a.m. | 27 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2187-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2187-1 advisory. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit...

10 CVSS | 7.8 AI score | 0.11906 EPSS
Exploits 0 | References 25
UbuntuCve
added 2014/04/27 8:55 p.m. | 19 views

CVE-2010-5105

The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...

3.3 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 1 | References 1