Lucene search
K

25 matches found

EUVD
EUVD
added 2026/06/13 2:34 a.m.14 views

EUVD-2026-36638

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS5.3AI score0.00091EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

uutils coreutils has an Incorrect Check of Function Return Value

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

5.5CVSS5.3AI score0.00142EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils, which stems from defects in the ChownExecutor used for chown and chgrp operations. This causes the utility to return an incorrect exit code during...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 2:15 p.m.2 views

UBUNTU-CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

5.7AI score0.00155EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-0589

Malware in sbrugna...

2.1CVSS6AI score0.00442EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2024/08/26 8:12 a.m.7 views

nodejs: fs.fchown/fchmod bypasses permission model

A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner...

3.3CVSS7.3AI score0.00395EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/25 11:1 a.m.5 views

rpm: races with chown/chmod/capabilities calls during installation

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

6.7CVSS7.1AI score0.00491EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/12/22 12:0 a.m.18 views

CVE-2023-43116

A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINEPATH variable in the fix-buildkite-agent-builds-permissions script...

7.8AI score0.00325EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2006-1057

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file...

3.7CVSS7AI score0.00272EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.5 views

SUSE CVE-2022-31253

A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...

7.8CVSS6.9AI score0.0033EPSS
Exploits1References3
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

[H-01] owner not set in Pool.sol

Lines of code Vulnerability details The pool.sol contract here is an UUPSUpgradeable contract. But there is no initialize function where Ownableinit is called , due to which owner is 0x0. It would be impossible to call authorizeUpgrade or change ownership of the contract. POC Adding the following...

6.8AI score
Exploits0
NVD
NVD
added 2020/01/14 6:15 p.m.19 views

CVE-2015-3150

abrt-dbus in Automatic Bug Reporting Tool ABRT allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the 1 ChownProblemDir, 2 DeleteElement, or 3 DeleteProblem method...

7.2CVSS6.8AI score0.00398EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2015/06/09 12:0 a.m.3 views

PT-2020-7832 · Abrt +2 · Abrt +2

Name of the Vulnerable Software and Affected Versions: ABRT affected versions not specified Description: A directory traversal issue in abrt-dbus within the Automatic Bug Reporting Tool ABRT allows local users to read, write to, or change ownership of arbitrary files. This can be achieved via...

7.8CVSS5.9AI score0.04815EPSS
Exploits4References31
NVD
NVD
added 2015/05/30 7:59 p.m.18 views

CVE-2015-2851

clientchown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename...

6.8CVSS6.4AI score0.00757EPSS
Exploits0References3
OSV
OSV
added 2015/04/21 12:0 a.m.5 views

UBUNTU-CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

6.2CVSS6.7AI score0.00317EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2013/07/09 5:0 p.m.25 views

CVE-2013-1976

Removed by vendor...

6.9CVSS8AI score0.00372EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2013/05/28 5:31 p.m.14 views

tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a tomcat5-initd.log, b...

6.9CVSS7.4AI score0.00372EPSS
Exploits1References4
Cvelist
Cvelist
added 2012/02/17 11:0 p.m.32 views

CVE-2011-4105

LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on /.Xauthority...

6.2AI score0.00313EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/06/02 12:0 a.m.23 views

GLSA-201006-08 : nano: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201006-08 nano: Multiple vulnerabilities Multiple race condition vulnerabilities have been discovered in nano. For further information please consult the CVE entries referenced below. Impact : Under certain conditions, a local,...

3.7CVSS6.8AI score0.00368EPSS
Exploits0References3
NVD
NVD
added 2010/04/16 7:30 p.m.15 views

CVE-2010-1161

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files...

3.7CVSS6.1AI score0.00275EPSS
Exploits0References6
Rows per page
Query Builder