EUVD-2025-6496

Malicious code in bioql PyPI...

Fedora 42 : rust-zincati (2025-19fabb2ca6)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-19fabb2ca6 advisory. New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30 Tenable has extracted the preceding description block...

Fedora: Security Advisory (FEDORA-2025-cc269f80fa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-19fabb2ca6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-zincati-0.0.30-1.fc40

Update agent for Fedora CoreOS...

[SECURITY] Fedora 41 Update: rust-zincati-0.0.30-1.fc41

Update agent for Fedora CoreOS...

Fedora 41 : rust-zincati (2025-cc269f80fa)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc269f80fa advisory. New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30 ---- Backport polkit rules patch for CVE-2025-27512 -...

Fedora: Security Advisory (FEDORA-2025-43bcbb0795)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : rust-zincati (2025-43bcbb0795)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-43bcbb0795 advisory. New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30 Tenable has extracted the preceding description block...

[SECURITY] Fedora 42 Update: rust-zincati-0.0.30-1.fc42

Update agent for Fedora CoreOS...

CVE-2025-27512

A flaw was found in Zincati, an auto-update agent for Fedora CoreOS hosts. This vulnerability may allow an unprivileged user with access to the system D-Bus socket to deploy older Fedora CoreOS versions, which may have other known vulnerabilities, and reboot the system into the deployed update vi...

CVE-2025-27512

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Impact Zincati ships a polkit rule which allows the zincati system user to use the following actions: - org.projectatomic.rpmostree1.deploy: used to deploy updates to the system - org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update Since Zincati...

GHSA-W6FV-6GCC-X825 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Impact Zincati ships a polkit rule which allows the zincati system user to use the following actions: - org.projectatomic.rpmostree1.deploy: used to deploy updates to the system - org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update Since Zincati...

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVE-2025-27512

CVE-2025-27512 affects Zincati’s polkit rule for Fedora CoreOS. A logic error in Zincati v0.0.24–v0.0.29 broadens access to the actions org.projectatomic.rpmostree1.deploy and org.projectatomic.rpmostree1.finalize-deployment to any unprivileged user with system D-Bus access, allowing deployment o...

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

Zincati 安全漏洞

Zincati is a Fedora CoreOS auto-update agent program from CoreOS Open Source. A security vulnerability exists in Zincati versions prior to v0.0.24 through v0.0.30, which stems from a logic error that could lead to the deployment of older versions by arbitrary users...