Lucene search
K

122 matches found

Prion
Prion
added 2020/10/21 2:15 p.m.28 views

Code injection

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

6.9CVSS7.5AI score0.00365EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/21 1:40 p.m.33 views

CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

7.8CVSS7.8AI score0.00365EPSS
Exploits0References1
Veracode
Veracode
added 2020/04/10 1:1 a.m.41 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as /proc/PID/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to...

2.1CVSS3AI score0.00483EPSS
Exploits1References10Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.7 views

The vulnerability of the apport operating system’s error registration service, related to deficiencies in access control, allows a malicious actor to create a publicly accessible report of the software bug for privileged processes.

The vulnerability of the apport system’s error reporting service in the Ubuntu operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to create a publicly accessible report of the software bug for privileged processes...

7CVSS5.4AI score0.00401EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/12/18 12:0 a.m.24 views

EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-2671)

According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an...

4.7CVSS6.4AI score0.00298EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/08/06 2:16 p.m.5 views

systemd: kills privileged process if unprivileged PIDFile was tampered

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

4.7CVSS5.8AI score0.00298EPSS
Exploits0References4
OSV
OSV
added 2019/04/17 3:29 p.m.4 views

CVE-2018-4004

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit...

5.5CVSS5.8AI score0.00376EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.6 views

PT-2019-10744 · Feingeist · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service, specifically in the disconnectService functionality. This allows a non-root user to kill any privileged process on the system. An attacker needs...

7.1CVSS6AI score0.00376EPSS
Exploits1References3
CNVD
CNVD
added 2019/03/22 12:0 a.m.4 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2019-08535)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 66. An attacker could exploit the vulnerability to bypass sandboxing protections and read neighboring data in Chrome's privileged...

7.5CVSS8.6AI score0.01127EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/02/01 12:0 a.m.52 views

Oracle Linux 7 : polkit (ELSA-2019-0230)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0230 advisory. - Fix of CVE-2019-6133, PID reuse via slow fork Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

6.7CVSS6.9AI score0.00446EPSS
Exploits0References2
Fedora
Fedora
added 2019/01/22 1:35 a.m.39 views

[SECURITY] Fedora 28 Update: polkit-0.115-2.1.fc28

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2019/01/14 10:29 p.m.5 views

CVE-2018-16888

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

4.7CVSS5.5AI score0.00298EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2019/01/14 10:29 p.m.26 views

CVE-2018-16888

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

4.7CVSS6.2AI score0.00298EPSS
Exploits0References5
Fedora
Fedora
added 2019/01/13 2:32 a.m.28 views

[SECURITY] Fedora 29 Update: polkit-0.115-4.2.fc29

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
Veracode
Veracode
added 2019/01/04 2:50 a.m.34 views

Denial Of Service (DoS)

libsystemd.so is vulnerable to denial of service. It does not perform any checks on the contents of the PIDFile file of a service, which would allow a local attacker to trick the systemd into killing privileged processes by tampering with the PIDFile of a service...

4.7CVSS5.7AI score0.00298EPSS
Exploits0References8Affected Software2
RedhatCVE
RedhatCVE
added 2019/01/02 1:19 p.m.37 views

CVE-2018-16888

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

4.7CVSS2.6AI score0.00298EPSS
Exploits0References1
Fedora
Fedora
added 2018/12/11 1:58 a.m.39 views

[SECURITY] Fedora 28 Update: polkit-0.115-2.fc28

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
OSV
OSV
added 2018/11/14 3:29 p.m.3 views

CVE-2018-6080

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes...

6.5CVSS7.4AI score0.01373EPSS
Exploits1References5
Prion
Prion
added 2018/11/14 3:29 p.m.16 views

Design/Logic Flaw

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes...

4.3CVSS6.6AI score0.01373EPSS
Exploits1References5Affected Software5
Debian CVE
Debian CVE
added 2018/11/14 3:0 p.m.46 views

CVE-2018-6080

Removed by vendor...

6.5CVSS8AI score0.01373EPSS
Exploits1
Rows per page
Query Builder