dotnet: .NET Elevation of Privilege Vulnerability

An elevation of privilege vulnerability was found in .NET. This flaw allows an attacker to write a specially crafted file in the security context of the local system...

dotnet: .NET Elevation of Privilege Vulnerability

An elevation of privilege vulnerability was found in .NET. This flaw allows an attacker to write a specially crafted file in the security context of the local system...

dotnet: .NET Elevation of Privilege Vulnerability

An elevation of privilege vulnerability was found in .NET. This flaw allows an attacker to write a specially crafted file in the security context of the local system...

dotnet: .NET Elevation of Privilege Vulnerability

An elevation of privilege vulnerability was found in .NET. This flaw allows an attacker to write a specially crafted file in the security context of the local system...

CVE-2024-20121

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1574...

GHSA-CWGG-57XJ-G77R changedetection.io Path Traversal

Summary When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked Details The root cause is the payload source:file:///etc/passwdpasses the regex here and also passes the check here wher...

Unauthorized Access

github.com/juju/juju is vulnerable to an Unauthorized Access. The vulnerability is due to improper access control over the JUJUCONTEXTID and the exposed UNIX domain socket, allowing unauthorized users on the local system with access to the default network namespace to connect and perform privileg...

Vulnerable juju hook tool abstract UNIX domain socket

Impact When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches Patch:...

GHSA-8V4W-F4R9-7H6X Vulnerable juju hook tool abstract UNIX domain socket

Impact When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches Patch:...

GHSA-FC27-7PF5-96V3 Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. Original Description Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the...

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

Acronis Cyber Protect Cloud Agent 安全漏洞

Acronis Cyber Protect Cloud Agent is a cloud agent from Acronis Switzerland. A security vulnerability exists in Acronis Cyber Protect Cloud Agent versions prior to 38565, which stems from an unnecessary privilege assignment that results in the manipulation of local active protection service...

PT-2024-38200 · F Secure · F-Secure Total

Name of the Vulnerable Software and Affected Versions: F-Secure Total affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. User interaction by an administrator is required to exploit it. The flaw exists within the...

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_\&_Replication

It is an exploit module/toolkit targeting a web application. The...

git: insecure hardlinks

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...

git: RCE while cloning local repos

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...

git: insecure hardlinks

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...

git: additional local RCE

A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution...

PT-2024-27022 · Ricoh · Ricoh Streamline Nx Pc Client

Name of the Vulnerable Software and Affected Versions: Ricoh Streamline NX PC Client versions 3.7.2 and earlier Description: The issue is related to the use of hard-coded credentials. If exploited, an attacker may obtain the LocalSystem Account of the PC where the product is installed, potentiall...