Post Archive
Post tagged #CVE:
- wait3() System Call as a Side Channel in Setuid Programs: nvidia-modprobe case study (CVE-2024-0149) - Mar 26, 2025
- Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
- pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
- dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
- pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
- authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307) - Nov 26, 2024
- oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024
- pcp: pmcd network daemon review (CVE-2024-45769), (CVE-2024-45770) - Sep 18, 2024
- gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
- dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
- dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
- Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917) - Feb 27, 2024
- darkhttpd: timing attack and local leak of HTTP basic auth credentials - Jan 22, 2024
- pam: pam_namespace misses O_DIRECTORY flag in protect_dir() (CVE-2024-22365) - Jan 19, 2024
- budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications - Dec 14, 2023
- File Descriptor Hijack vulnerability in open-vm-tools (CVE-2023-34059) - Oct 27, 2023
- check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021
Post tagged #local:
- wait3() System Call as a Side Channel in Setuid Programs: nvidia-modprobe case study (CVE-2024-0149) - Mar 26, 2025
- Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
- pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
- dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
- pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
- SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs - Dec 19, 2024
- stalld: unpatched fixed temporary file use and other issues - Nov 29, 2024
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
- oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024
- gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
- dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
- dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
- Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917) - Feb 27, 2024
- Security Issues in Passim Local Caching Server - Oct 27, 2023
- check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021
Post tagged #tmpfiles:
- Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
- stalld: unpatched fixed temporary file use and other issues - Nov 29, 2024
- budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications - Dec 14, 2023
- hplip: Security Issues in hpps Program due to Fixed /tmp Path Usage - Nov 23, 2023
Post tagged #D-Bus:
- dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
- gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
- dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
- dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
Post tagged #KDE:
- KDE: Admittance of kio-admin into openSUSE - Feb 21, 2025
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
Post tagged #Polkit:
- KDE: Admittance of kio-admin into openSUSE - Feb 21, 2025
- KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
Post tagged #spotlight:
- SUSE Security Team Spotlight Winter 2024/2025 - Mar 26, 2025
- SUSE Security Team Spotlight Autumn 2024 - Dec 9, 2024
- SUSE Security Team Spotlight Summer 2024 - Aug 13, 2024