Lucene search
K

270 matches found

CVE
CVE
added 2025/09/12 1:45 p.m.25 views

CVE-2025-9556

CVE-2025-9556 affects Langchaingo through the gonja-based prompt parsing that supports jinja2 syntax. The include/extends features in gonja 1.5.3 allow reading files, enabling server-side template injection (e.g., reading /etc/passwd). Affected details and remediation are supported by multiple so...

9.8CVSS6.8AI score0.00666EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/28 12:19 p.m.6 views

Privilege Escalation

github.com/operator-framework/operator-sdk is vulnerable to Privilege Escalation. The vulnerability is due to the usersetup script setting /etc/passwd to group-writable, allowing attackers to modify it and gain root privileges within the container...

6.4CVSS6.8AI score0.0022EPSS
Exploits0References30Affected Software1
Cvelist
Cvelist
added 2025/08/24 7:2 a.m.14 views

CVE-2025-9380 FNKvision Y215 CCTV Camera Firmware passwd hard-coded credentials

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is...

8.5CVSS0.00132EPSS
Exploits0References5
Snyk
Snyk
added 2025/08/07 9:31 p.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...

5.7CVSS7.5AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/07 9:31 p.m.4 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...

5.7CVSS7.5AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/07 9:31 p.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...

5.7CVSS7.5AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/08/07 7:5 p.m.4 views

CVE-2025-7195

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References28
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.6 views

PT-2025-32307

Name of the Vulnerable Software and Affected Versions Operator-SDK versions prior to 0.15.2 Description Early versions of Operator-SDK included an insecure method for operator containers to run in environments utilizing a random UID. A script, user setup, modified the permissions of the /etc/pass...

6.4CVSS8AI score0.0022EPSS
Exploits0References84
Packet Storm
Packet Storm
added 2025/08/05 12:0 a.m.90 views

📄 Ametys Portal 4.4 Local File Inclusion

Ametys Portal version 4.4 suffers from a local file inclusion vulnerability. Exploit Title: Ametys Portal 4.4 - Local File Inclusion Date: 05.08.2025 Exploit Author: tmrswrr Vendor Homepage: https://www.ametys.org Software Link:...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/06/27 11:26 p.m.3 views

SUSE CVE-2025-4437

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...

5.7CVSS6.9AI score0.00224EPSS
Exploits0References3
Snyk
Snyk
added 2025/06/26 12:0 a.m.1 views

Allocation of Resources Without Limits or Throttling

Overview github.com/cri-o/cri-o/server is an OCI-based implementation of Kubernetes Container Runtime Interface Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the /etc/passwd file. An attacker with minimal privileges to...

7.1CVSS6.8AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.10 views

SysmonElixir 路径遍历漏洞

SysmonElixir is a system monitoring software by the individual developer Bocaletto Luca. A path traversal vulnerability exists in SysmonElixir versions prior to 1.0.1, which stems from the /read endpoint being able to read the server /etc/passwd file by default...

7.5CVSS6.6AI score0.00419EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.5 views

CVE-2024-37630

D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root...

8.8CVSS7.2AI score0.00388EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.6 views

CVE-2021-39615

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying...

10CVSS7.2AI score0.02196EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.5 views

CVE-2021-39613

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products...

9.8CVSS7.2AI score0.01714EPSS
Exploits1References1
CVE
CVE
added 2025/05/09 11:58 a.m.60 views

CVE-2025-3528

CVE-2025-3528 describes a local privilege escalation in OpenShift Mirror Registry due to the quay-app container having write access to /etc/passwd. Affected component: Mirror Registry (quay-app container) within OpenShift; root cause: improper file permissions enabling an attacker with container ...

8.2CVSS6.8AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/09 11:58 a.m.10 views

CVE-2025-3528 Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the /etc/passwd. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within...

8.2CVSS6.8AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/09 12:0 a.m.5 views

PT-2025-20554

Name of the Vulnerable Software and Affected Versions OpenShift Mirror Registry affected versions not specified Description A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the /etc/passwd file. This flaw allo...

8.2CVSS6.2AI score0.00194EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.1 views

Ensure That User Group and Password File Permissions Are Correct

In the Linux OS-related information, such as users, passwords, and user groups, is recorded in the configuration files in the /etc directory. Proper permissions must be set for accessing these files. Otherwise, the files may be stolen or tampered with by attackers. The owner and owner group of...

6.7AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/28 6:0 p.m.13 views

CVE-2025-2920 Netis WF-2404 passwd weak hash

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather...

2CVSS6.6AI score0.00125EPSS
Exploits0References4
Rows per page
Query Builder