Post Archive
Post tagged #CVE:
- InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338) - Jan 9, 2026
- TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859) - Jan 7, 2026
- Foomuuri: Lack of Client Authorization and Input Verification allow Control over Firewall Configuration (CVE-2025-67603, CVE-2025-67858) - Jan 7, 2026
- smb4k: Major Vulnerabilities in KAuth Helper (CVE-2025-66002, CVE-2025-66003) - Dec 10, 2025
- lightdm-kde-greeter: Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876) - Nov 13, 2025
- OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875) - Oct 31, 2025
- sslh: Remote Denial-of-Service Vulnerabilities - Jun 13, 2025
- Kea DHCP: Local Vulnerabilities in many Linux and BSD Distributions - May 28, 2025
- Multiple Security Issues in Screen - May 12, 2025
- wait3() System Call as a Side Channel in Setuid Programs: nvidia-modprobe case study (CVE-2024-0149) - Mar 26, 2025
- Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
- pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
- dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
- pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
- authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307) - Nov 26, 2024
- oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024
- pcp: pmcd network daemon review (CVE-2024-45769), (CVE-2024-45770) - Sep 18, 2024
- gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
- dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
- dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
- Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917) - Feb 27, 2024
- darkhttpd: timing attack and local leak of HTTP basic auth credentials - Jan 22, 2024
- pam: pam_namespace misses O_DIRECTORY flag in protect_dir() (CVE-2024-22365) - Jan 19, 2024
- budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications - Dec 14, 2023
- File Descriptor Hijack vulnerability in open-vm-tools (CVE-2023-34059) - Oct 27, 2023
- check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021
Post tagged #local:
- scx: Unauthenticated scx_loader D-Bus Service can lead to major Denial-of-Service - Nov 6, 2025
- OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875) - Oct 31, 2025
- Kea DHCP: Local Vulnerabilities in many Linux and BSD Distributions - May 28, 2025
- Multiple Security Issues in Screen - May 12, 2025
- wait3() System Call as a Side Channel in Setuid Programs: nvidia-modprobe case study (CVE-2024-0149) - Mar 26, 2025
- Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
- pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
- dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
- pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
- SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs - Dec 19, 2024
- stalld: unpatched fixed temporary file use and other issues - Nov 29, 2024
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
- oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024
- gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
- dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
- dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
- Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917) - Feb 27, 2024
- Security Issues in Passim Local Caching Server - Oct 27, 2023
- check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021
Post tagged #tmpfiles:
- Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
- stalld: unpatched fixed temporary file use and other issues - Nov 29, 2024
- budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications - Dec 14, 2023
- hplip: Security Issues in hpps Program due to Fixed /tmp Path Usage - Nov 23, 2023
Post tagged #remote:
- sslh: Remote Denial-of-Service Vulnerabilities - Jun 13, 2025
- authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307) - Nov 26, 2024
- pcp: pmcd network daemon review (CVE-2024-45769), (CVE-2024-45770) - Sep 18, 2024
- darkhttpd: timing attack and local leak of HTTP basic auth credentials - Jan 22, 2024
Post tagged #D-Bus:
- InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338) - Jan 9, 2026
- TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859) - Jan 7, 2026
- Foomuuri: Lack of Client Authorization and Input Verification allow Control over Firewall Configuration (CVE-2025-67603, CVE-2025-67858) - Jan 7, 2026
- smb4k: Major Vulnerabilities in KAuth Helper (CVE-2025-66002, CVE-2025-66003) - Dec 10, 2025
- lightdm-kde-greeter: Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876) - Nov 13, 2025
- scx: Unauthenticated scx_loader D-Bus Service can lead to major Denial-of-Service - Nov 6, 2025
- Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation - May 7, 2025
- dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
- gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
- dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
- dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
Post tagged #KDE:
- smb4k: Major Vulnerabilities in KAuth Helper (CVE-2025-66002, CVE-2025-66003) - Dec 10, 2025
- lightdm-kde-greeter: Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876) - Nov 13, 2025
- KDE: Admittance of kio-admin into openSUSE - Feb 21, 2025
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
Post tagged #Polkit:
- InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338) - Jan 9, 2026
- TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859) - Jan 7, 2026
- Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation - May 7, 2025
- KDE: Admittance of kio-admin into openSUSE - Feb 21, 2025
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
Post tagged #spotlight:
- SUSE Security Team Spotlight Autumn 2025 - Jan 14, 2026
- SUSE Security Team Spotlight Summer 2025 - Oct 1, 2025
- SUSE Security Team Spotlight Spring 2025 - Jul 25, 2025
- SUSE Security Team Spotlight Winter 2024/2025 - Mar 26, 2025
- SUSE Security Team Spotlight Autumn 2024 - Dec 9, 2024
- SUSE Security Team Spotlight Summer 2024 - Aug 13, 2024
Post tagged #root-exploit:
- Kea DHCP: Local Vulnerabilities in many Linux and BSD Distributions - May 28, 2025
- Multiple Security Issues in Screen - May 12, 2025