53 matches found
CVE-2021-38941
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring runs containers with excessive permissions (CVE-2021-38941)
Summary IBM CloudPak for Multicloud Monitoring had a few containers running in priviliged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. Now only containers requiring this permissions are running in...
Citrix Hypervisor <= 8.2 LTSR DoS (CTX306565)
The version of Citrix Hypervisor formerly Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by denial of service vulnerabilities. - A local attacker with the ability to execute privileged mode code in a guest machine can perform a denial of servi...
Valve: code injection, steam chat client
The steam chat client allows oEmbed, apparently based on a whitelist. One of the whitelisted oEmbedis codepen. When a codepen is created, it can be sent as a link to another steam user, and the code inside the codepen will execute within the privileged Steam Chat context. You can send these codep...
Information Disclosure
github.com/lxc/lxd is vulnerable to information disclosure. This is because it does not correctly set the permissions when switching an unprivileged container into privileged mode. This allows local users to access world readable paths in the container directory...
USN-2988-1: LXD vulnerabilities
Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. CVE-2016-1581 Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged contain...
UBUNTU-CVE-2016-1582
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors...
The vulnerability of the libpthread library allows a hacker to execute arbitrary code in a privileged context or cause a service denial.
The vulnerability of the libpthread library in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context, or to cause a service failure by using a specially crafted application that...
ip-forwarding NSE Script
Detects whether the remote device has ip forwarding or "Internet connection sharing" enabled, by sending an ICMP echo request to a given target using the scanned host as default gateway. The given target can be a routed or a LAN host and needs to be able to respond to ICMP requests ping in order...
broadcast-dhcp6-discover NSE Script
Sends a DHCPv6 request Solicit to the DHCPv6 multicast address, parses the response, then extracts and prints the address along with any options returned by the server. The script requires Nmap to be run in privileged mode as it binds the socket to a privileged port udp/546. See also:...
broadcast-pppoe-discover NSE Script
Discovers PPPoE Point-to-Point Protocol over Ethernet servers using the PPPoE Discovery protocol PPPoED. PPPoE is an ethernet based protocol so the script has to know what ethernet interface to use for discovery. If no interface is specified, requests are sent out on all available interfaces. As...
rlogin-brute NSE Script
Performs brute force password auditing against the classic UNIX rlogin remote login service. This script must be run in privileged mode on UNIX because it must bind to a low source port number. Script Arguments rlogin-brute.timeout socket timeout for connecting to rlogin default 10s passdb,...
Cisco switch password-cracking-vulnerability warning-the black bar safety net
Use the console cable is connected toswitch, through HyperTerminal or Secure CRT connection to switch; 2. Press and hold down the switch on the front panel MODE button, plug in the switch power supply; 3. About 4 0 seconds after the release of the Mod 1. Use the console cable is connected...