Post Archive

Post tagged #CVE:

• Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
• pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
• dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
• pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
• tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
• authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307) - Nov 26, 2024
• oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024
• pcp: pmcd network daemon review (CVE-2024-45769), (CVE-2024-45770) - Sep 18, 2024
• gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
• dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
• dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
• Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917) - Feb 27, 2024
• darkhttpd: timing attack and local leak of HTTP basic auth credentials - Jan 22, 2024
• pam: pam_namespace misses O_DIRECTORY flag in protect_dir() (CVE-2024-22365) - Jan 19, 2024
• budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications - Dec 14, 2023
• File Descriptor Hijack vulnerability in open-vm-tools (CVE-2023-34059) - Oct 27, 2023
• check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021

Post tagged #local:

• Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
• pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
• dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
• pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
• SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs - Dec 19, 2024
• stalld: unpatched fixed temporary file use and other issues - Nov 29, 2024
• tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
• oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024
• gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
• dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
• KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
• dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024
• Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917) - Feb 27, 2024
• Security Issues in Passim Local Caching Server - Oct 27, 2023
• check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021

Post tagged #sudo:

• check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257) - Oct 14, 2021

Post tagged #tmpfiles:

• Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) - Mar 12, 2025
• stalld: unpatched fixed temporary file use and other issues - Nov 29, 2024
• budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications - Dec 14, 2023
• hplip: Security Issues in hpps Program due to Fixed /tmp Path Usage - Nov 23, 2023

Post tagged #pam:

• pam: pam_namespace misses O_DIRECTORY flag in protect_dir() (CVE-2024-22365) - Jan 19, 2024

Post tagged #remote:

• authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307) - Nov 26, 2024
• pcp: pmcd network daemon review (CVE-2024-45769), (CVE-2024-45770) - Sep 18, 2024
• darkhttpd: timing attack and local leak of HTTP basic auth credentials - Jan 22, 2024

Post tagged #D-Bus:

• dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025
• tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) - Nov 26, 2024
• gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148) - May 22, 2024
• dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746) - Apr 3, 2024
• KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024
• dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components - Mar 4, 2024

Post tagged #KDE:

• KDE: Admittance of kio-admin into openSUSE - Feb 21, 2025
• KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024

Post tagged #Polkit:

• KDE: Admittance of kio-admin into openSUSE - Feb 21, 2025
• KDE6 release: D-Bus and Polkit Galore - Apr 2, 2024

Post tagged #spotlight:

• SUSE Security Team Spotlight Autumn 2024 - Dec 9, 2024
• SUSE Security Team Spotlight Summer 2024 - Aug 13, 2024

Post tagged #PAM:

• pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) - Feb 6, 2025
• pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) - Jan 14, 2025
• oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024

Post tagged #symlink:

• oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191) - Oct 4, 2024

Post tagged #timing-attack:

• authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307) - Nov 26, 2024

Post tagged #setuid:

• SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs - Dec 19, 2024

Post tagged #capabilities:

• SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs - Dec 19, 2024

Post tagged #deepin:

• dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) - Jan 24, 2025