Lucene search
K

305 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/16 12:0 a.m.9 views

The vulnerability of the logfile_reopen() function in the GNU screen terminal multiplexer allows a hacker to write data to an arbitrary file with root privileges.

The vulnerability of the logfilereopen function in the GNU screen terminal multiplexer is related to the execution of the operation before privilege reset. Exploiting this vulnerability could allow an attacker to write data to an arbitrary file with root privileges...

8.6CVSS7AI score0.00201EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/13 10:15 p.m.27 views

CVE-2025-23395

A flaw was found in Screen. When running with setuid-root privileged, the logfilereopen function does not drop privileges while operating on a user-supplied path. This vulnerability allows an unprivileged user to create files in arbitrary locations with root ownership. Mitigation No mitigation is...

6.8CVSS6.8AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/12 12:0 a.m.4 views

PT-2025-20829 · Gnu · Gnu Screen

Name of the Vulnerable Software and Affected Versions: Screen versions 5.0.0 Description: The issue is related to the logfile reopen function in the GNU screen terminal multiplexer. When Screen runs with setuid-root privileges, it does not drop privileges while operating on a user-supplied path...

7.8CVSS6.5AI score0.00201EPSS
Exploits0References25
OSV
OSV
added 2025/05/08 2:15 p.m.4 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/05/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 9:31 p.m.14 views

CVE-2025-1228 olajowon Loggrove Logfile Update page path traversal

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOGMonitor of the component Logfile Update Handler. The manipulation of the argument path leads to path...

5.3CVSS0.00555EPSS
Exploits0References3
CVE
CVE
added 2025/02/12 9:31 p.m.59 views

CVE-2025-1228

CVE-2025-1228 affects olajowon Loggrove (Logfile Update Handler) with a path traversal vulnerability in the /read/?page=1&logfile=LOG_Monitor parameter. Affected is an unknown function within the Logfile Update Handler; manipulation of the path argument allows remote exploitation. The exploit has...

5.3CVSS7AI score0.00555EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/12 9:31 p.m.6 views

CVE-2025-1228 olajowon Loggrove Logfile Update page path traversal

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOGMonitor of the component Logfile Update Handler. The manipulation of the argument path leads to path...

5.3CVSS6.9AI score0.00555EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Loggrove 路径遍历漏洞

Loggrove is a web platform service by olajowon individual developer. Loggrove has a path traversal vulnerability that originates in the path parameter of /read/?page=1&logfile=LOGMonitor of the Logfile Update Handler component that contains a path traversal vulnerability...

5.3CVSS4.9AI score0.00555EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/29 12:0 a.m.13 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

7.4AI score0.02759EPSS
Exploits0References3
OSV
OSV
added 2024/09/17 8:41 a.m.4 views

USN-7011-2 clamav vulnerabilities

USN-7011-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...

7.5CVSS6.6AI score0.00555EPSS
Exploits0References3
OSV
OSV
added 2024/09/16 11:34 a.m.4 views

USN-7011-1 clamav vulnerabilities

It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20505 It was discovered that ClamAV incorrectly handled logfile privileges. A local attacker could use this iss...

7.5CVSS6.5AI score0.00555EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/09/16 12:0 a.m.16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : ClamAV vulnerabilities (USN-7011-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7011-1 advisory. It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...

7.5CVSS6.5AI score0.00555EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/04 9:28 p.m.20 views

CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1CVSS6.6AI score0.00318EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/09/04 9:28 p.m.12 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1CVSS6.1AI score0.00318EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/01 12:0 a.m.17 views

Fedora 39 : et (2024-94a155818c)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-94a155818c advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httlib, fixing CVE-2023-26130 Tenable has extracted the preceding...

8.8CVSS6.4AI score0.01137EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2024/05/01 12:0 a.m.20 views

Fedora 38 : et (2024-bd9e67c117)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd9e67c117 advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httlib, fixing CVE-2023-26130 Tenable has extracted the preceding...

8.8CVSS6.4AI score0.01137EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.5 views

DICOM Connectivity Framework Security Vulnerability

The DICOM Connectivity Framework is an advanced, object-oriented collection of native software components that implements the DICOM protocol for medical imaging systems. A security vulnerability exists in DICOM Connectivity Framework prior to version v.2.7.6b, which stems from a directory travers...

8.8CVSS7.8AI score0.01745EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/12/25 6:15 a.m.2 views

CVE-2022-41761

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

6.5CVSS6AI score0.008EPSS
Exploits1References2
NVD
NVD
added 2023/12/25 6:15 a.m.29 views

CVE-2022-41761

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

6.5CVSS0.008EPSS
Exploits1References1
Rows per page
Query Builder