Lucene search
+L

112 matches found

Vulnrichment
Vulnrichment
added 2018/07/27 7:0 p.m.3 views

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...

5.5CVSS5.4AI score0.00279EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:0 p.m.32 views

Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in coreutils (util-linux)

Summary A security vulnerability has been discovered in coreutils util-linux, which is used by IBM QRadar Network Security. Vulnerability Details CVEID: CVE-2017-2616 DESCRIPTION: util-linux could allow a local authenticated attacker to bypass security restrictions, caused by a race condition whe...

5.5CVSS0.7AI score0.00279EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.19 views

Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-7421, CVE-2015-7420)

Summary Vulnerabilities were discovered in GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is...

5CVSS0.5AI score0.01942EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2018/05/17 12:0 a.m.51 views

openSUSE: Security Advisory for php5 (openSUSE-SU-2018:1317-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.9AI score0.10433EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/05/16 12:0 a.m.45 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2018:1294-1)

This update for php53 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...

7.5CVSS6.3AI score0.10433EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2018/05/11 12:0 a.m.47 views

openSUSE Security Update : php7 (openSUSE-2018-441)

This update for php7 fixes the following issues : Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...

7.5CVSS6.2AI score0.10433EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2018/04/29 9:0 p.m.76 views

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

4.7CVSS6.1AI score0.00831EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/04/10 12:0 a.m.12 views

Fedora 27 : php (2018-12f92ff831)

PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

5.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/08/01 2:11 p.m.4 views

openssh: Leak of host private key material to privilege-separated child process via realloc()

It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...

6.2CVSS7.2AI score0.01101EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/06/07 5:43 p.m.7 views

httpd: DoS vulnerability in mod_auth_digest

It was discovered that the modauthdigest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...

7.5CVSS7.2AI score0.20952EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/05/03 12:0 a.m.22 views

EulerOS 2.0 SP1 : util-linux (EulerOS-SA-2017-1083)

According to the version of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill...

5.5CVSS6AI score0.00279EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/05/03 12:0 a.m.27 views

EulerOS 2.0 SP2 : util-linux (EulerOS-SA-2017-1084)

According to the version of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill...

5.5CVSS6AI score0.00279EPSS
Exploits0References2
Cent OS
Cent OS
added 2017/04/13 10:59 a.m.149 views

libblkid, libmount, libuuid, util, uuidd security update

CentOS Errata and Security Advisory CESA-2017:0907 An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

5.5CVSS6.2AI score0.00279EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2017/04/13 12:0 a.m.60 views

RHEL 7 : util-linux (RHSA-2017:0907)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0907 advisory. The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these...

5.5CVSS6AI score0.00279EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2017/04/13 12:0 a.m.27 views

Scientific Linux Security Update : util-linux on SL7.x x86_64 (20170412)

Security Fixes : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. CVE-2017-2616 Bug Fixes : - The 'findmnt --target ' command prints all...

5.5CVSS5.8AI score0.00279EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/04/12 12:25 p.m.73 views

Moderate: Red Hat Security Advisory: util-linux security and bug fix update

An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

5.5CVSS6.2AI score0.00279EPSS
Exploits0References3
OSV
OSV
added 2016/04/08 3:59 p.m.2 views

DEBIAN-CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

7.5CVSS9.1AI score0.09007EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/08/04 12:0 a.m.29 views

Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)

It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...

3.3CVSS5.8AI score0.0047EPSS
Exploits1References2
Mageia
Mageia
added 2015/04/15 9:1 a.m.30 views

Updated socat packages fix CVE-2015-1379

Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes...

7.5CVSS7.4AI score0.0393EPSS
Exploits0References2
0day.today
0day.today
added 2015/04/02 12:0 a.m.65 views

Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability

Exploit for windows platform in category web applications !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version:...

4.3CVSS6.6AI score0.04036EPSS
Exploits5
Rows per page
Query Builder