Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerability (USN-2858-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2858-2 advisory. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to...
6.7CVSS
6AI Score
0.001EPSS
Ubuntu 15.10 : linux-raspi2 vulnerability (USN-2858-3)
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...
6.7CVSS
6.7AI Score
0.001EPSS
0.3AI Score
0.001EPSS
Ubuntu 15.10 : linux vulnerability (USN-2858-1)
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...
6.7CVSS
6.7AI Score
0.001EPSS
Ubuntu 15.04 : linux vulnerability (USN-2857-1)
Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...
6.7CVSS
6.7AI Score
0.001EPSS
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerability (USN-2857-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2857-2 advisory. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to...
6.7CVSS
6AI Score
0.001EPSS
Linux kernel (Vivid HWE) vulnerability
Releases: Ubuntu 14.04 ESM. Packages: linux-lts-vivid - Linux hardware enablement kernel from Vivid. Details: Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative...
6.7CVSS
6.1AI Score
0.001EPSS
Linux kernel (Wily HWE) vulnerability
Releases: Ubuntu 14.04 ESM. Packages: linux-lts-wily - Linux hardware enablement kernel from Wily. Details: Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative...
6.7CVSS
6.1AI Score
0.001EPSS
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Privilege Escalation (1)
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Privilege Escalation...
6.7CVSS
1AI Score
0.001EPSS
Linux kernel (Raspberry Pi 2) vulnerability
Releases: Ubuntu 15.10. Packages: linux-raspi2 - Linux kernel for Raspberry Pi 2. Details: Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes...
6.7CVSS
6.1AI Score
0.001EPSS
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Privilege Escalation (1)
Exploit for linux platform in category local...
0.7AI Score
0.001EPSS
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Local Privilege Escalation (1)
...
6.7CVSS
6.6AI Score
EPSS
Releases: Ubuntu 15.04. Packages: linux - Linux kernel. Details: Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code...
6.7CVSS
6.1AI Score
0.001EPSS
Releases: Ubuntu 15.10. Packages: linux - Linux kernel. Details: Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code...
6.7CVSS
6.1AI Score
0.001EPSS
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...
6.7CVSS
6.2AI Score
0.001EPSS
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...
6.7CVSS
5.4AI Score
0.001EPSS
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...
6.7CVSS
5.8AI Score
0.001EPSS
Immunity Canvas: OVERLAYFS_SETATTR
Name| overlayfs_setattr
---|---
CVE| CVE-2015-8660
Exploit Pack| CANVAS
Description| Ubuntu Overlayfs setattr local privilege escalation
Notes| Repeatability: Multiple Times Notes: This is a local privilege escalation affecting kernels lower than 4.3.3. Tested on: - Ubuntu 15.10 VENDOR:...
6.7CVSS
2AI Score
0.001EPSS
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...
6.7CVSS
6.5AI Score
0.001EPSS
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...
6.2AI Score
0.001EPSS
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. Bugs ...
6.7CVSS
1.4AI Score
0.001EPSS
Versions of WordPress 3.7.x prior to 3.7.9, 3.8.x prior to 3.8.9, 3.9.x prior to 3.9.7, 4.1.x prior to 4.1.6, and 4.2.x prior to 4.2.3 are susceptible to the following vulnerabilities: A cross-site scripting (XSS) vulnerability exists due to a flaw in the Shortcode API in which shortcodes...
2.1AI Score
Huawei VP9660 Multi-Point Control Unit Detection (SNMP)
SNMP based detection of Huawei VP9660 Multi-Point Control Unit...
7.1AI Score
Huawei VP9660 Multi-Point Control Unit Multiple Vulnerabilities (huawei-sa-20151111-01-vp9660)
Huawei VP9660 Multi-Point Control Unit is prone to multiple...
6.8AI Score
0.001EPSS
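VP9660 is the multimedia control unit of the Huawei video conferencing system. The Huawei VP9660 product has a security vulnerability in which the server does not fully validate input. When the built-in WebServer is in use, an attacker who has logged in to the device as a business administrator can craft and modify specific message information sent to the server to inject malicious commands, resulting in information disclosure and device unavailability. Preconditions: the attacker can successfully log in to the VP9660 as a business administrator; the vulnerability exists on the VP9660 when the built-in WebServer is in use. Attack steps:...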
7.1AI Score
7.1AI Score
Security Advisory - Two Vulnerabilities in Huawei TE Series Product
Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience. A security...
6.8CVSS
5.6AI Score
0.002EPSS
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...
6.5AI Score
0.001EPSS
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...
6.7AI Score
0.001EPSS
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...
7.1AI Score
0.001EPSS
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...
6.5AI Score
0.001EPSS
Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products
VP9660 is the multi-point control unit of the Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using the built-in WebServer. In such a case, an attacker could log in to the device as a business administrator, craft a message to change the specific...
6AI Score
0.001EPSS
elnuevoherald.com XSS vulnerability
Vulnerable URL: http://www.elnuevoherald.com/search/?q=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E
Details:
Description| Value
---|---
Patched:| Yes, at 12.11.2015
Latest check for patch:| 12.11.2015 11:05 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|.....
6.3AI Score
SUSE: Security Advisory for xen (SUSE-SU-2015:0022-1)
The remote host is missing an update for...
6.8AI Score
0.006EPSS
7.9AI Score
0.013EPSS
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
A security vulnerability exists in Rivest Cipher 4 (RC4) used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah....
5.2AI Score
0.003EPSS
openSUSE: Security Advisory for xen (openSUSE-SU-2015:0256-1)
The remote host is missing an update for...
6.8AI Score
0.009EPSS
8AI Score
0.053EPSS
[SECURITY] Fedora 21 Update: xen-4.4.2-9.fc21
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.053EPSS
[SECURITY] Fedora 21 Update: xen-4.4.2-7.fc21
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.053EPSS
7.9AI Score
0.053EPSS
7.9AI Score
0.053EPSS
7.9AI Score
0.053EPSS
[SECURITY] Fedora 20 Update: xen-4.3.4-6.fc20
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.053EPSS
[SECURITY] Fedora 21 Update: xen-4.4.2-6.fc21
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.053EPSS
7.9AI Score
0.026EPSS
[SECURITY] Fedora 21 Update: xen-4.4.2-5.fc21
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.026EPSS
7.6AI Score
0.013EPSS
7.9AI Score
0.013EPSS
tor-consensus-checker NSE Script
Checks if a target is a known Tor node. The script works by querying the Tor directory authorities. Initially, the script stores all IPs of Tor nodes in a lookup table to reduce the number of requests and make lookups quicker. Script Arguments slaxml.debug See the documentation for the slaxml...
9.8CVSS
AI Score
0.973EPSS