Lucene search
+L

480 matches found

Cvelist
Cvelist
added 2026/01/30 2:9 p.m.34 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/30 2:9 p.m.8 views

EUVD-2025-206578

Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated...

5.8CVSS6AI score0.00119EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 2:9 p.m.7 views

CVE-2025-6723

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS5.8AI score0.00119EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/30 2:9 p.m.4 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS5.8AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2026/01/30 2:9 p.m.19 views

CVE-2025-6723

CVE-2025-6723 : Red Hat and NVD entries describe that Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker could interfere with the pipe connection process and exploit insufficient access restrictions to assume the InSpec exec...

5.8CVSS5.9AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2026/01/30 2:9 p.m.2 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS6AI score0.00119EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.13 views

PT-2026-5397

Name of the Vulnerable Software and Affected Versions Chef InSpec versions through 5.23 Description Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficie...

5.8CVSS5.9AI score0.00119EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: The denominator “cbppipes” must not be 0; it is checked before being used. WHAT & HOW The denominator cannot be 0, and this check is performed before it is used. This fix addresses two “DIVIDEBYZERO” issues...

5.5CVSS6.4AI score0.00239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004758 advisory. A use-after-free flaw was found in the Linux kernels pipes functionality in how a user performs manipulations with the pipe postonenotification after freepipeinfo th...

7.8CVSS6.4AI score0.00347EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003964)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003964 advisory. A use-after-free flaw was found in the Linux kernels pipes functionality in how a user performs manipulations with the pipe postonenotification after freepipeinfo th...

7.8CVSS6.4AI score0.00347EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001042)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001042 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...

6.2CVSS6.8AI score0.00557EPSS
Exploits0References31
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.7 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

5.3CVSS7AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/01/12 4:16 p.m.5 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/01/12 4:16 p.m.10 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

5.3CVSS0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/12 12:0 a.m.5 views

EUVD-2026-1927

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

5.3CVSS6.5AI score0.00197EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/12 12:0 a.m.4 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

6.6AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/01/12 12:0 a.m.39 views

CVE-2025-67813

CVE-2025-67813 affects Quest KACE Desktop Authority up to and including version 11.3.1. The vulnerability is insecure permissions on named pipes used for inter-process communication, exposing IPC to inappropriate access or manipulation. Impact is described in connected sources as insecure named p...

5.3CVSS6.6AI score0.00197EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/12 12:0 a.m.21 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-25846

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances is a system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands...

7CVSS6.1AI score0.00243EPSS
Exploits1References28
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993060)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993060 advisory. In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: properly check endpoint type Syzbot reported warning in usbsubmiturb which is cause...

5.5CVSS5.8AI score0.00253EPSS
Exploits0References4
Rows per page
Query Builder