VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems. Description During OpCon UNIX agent installation and updates, an SSH public key is added to the root account’s authorized_keys file. The corresponding private […]
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predictable DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment. Description The uClibc and the uClibc-ng software are lightweight C […]
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon […]
VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt. Description Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a value that reflects the path where Qt exists on the system that was used to build […]
