Lucene search
K

212 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.2 views

SUSE CVE-2020-28935

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...

4.4CVSS6.5AI score0.00484EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.2 views

SUSE CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.5CVSS6AI score0.00225EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.3 views

PT-2023-35127 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.92 Description: The issue is related to the bpf in the Linux Kernel, specifically with skipping tasks with pid=1 in send signal common. The actual impact and attack plausibility have not yet been proven...

7.2AI score
Exploits0References1
OSV
OSV
added 2022/09/20 6:15 p.m.3 views

CVE-2017-20147

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped...

6.5CVSS5.9AI score0.00855EPSS
Exploits1References2
OSV
OSV
added 2022/09/20 6:15 p.m.4 views

UBUNTU-CVE-2017-20147

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped...

6.5CVSS5.9AI score0.00855EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/31 12:0 a.m.6 views

Insecure Temporary File in SWHKD

SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...

7.8CVSS7.1AI score0.00506EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2022/02/22 3:16 p.m.5 views

unbound: symbolic link traversal when writing PID file

A symbolic link traversal vulnerability was found in unbound in the way it writes its PID file while starting up. This flaw allows a local attacker with access to the unbound user to set up a link to another file, owned by root, and make unbound overwrite it during its next restart, destroying th...

5.5CVSS7.2AI score0.00484EPSS
Exploits0References4
Kitploit
Kitploit
added 2022/02/02 11:30 a.m.33 views

Phant0m - Windows Event Log Killer

Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concer...

7.3AI score
Exploits0References6
OSV
OSV
added 2021/12/22 6:15 a.m.3 views

CVE-2021-45459

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...

9.8CVSS5.8AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/07/20 9:30 p.m.5 views

kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.5CVSS6.7AI score0.00225EPSS
Exploits0References4
OSV
OSV
added 2021/06/22 11:2 a.m.4 views

OESA-2021-1230 polkit security update

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync...

7.8CVSS6.7AI score0.22193EPSS
Exploits37References2
Veracode
Veracode
added 2021/05/25 6:9 a.m.12 views

Denial Of Service (DoS)

ktbs.dev/teler/pkg/errors is vulnerable to denial of service. The vulnerability exists when running teler inside a Docker container and when encounter errors.Exit function, it is unable to get process ID and process group ID of teler to properly kill the error process...

7.5CVSS3.4AI score0.01412EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/24 12:0 a.m.40 views

NULL Pointer Dereference

In teler before version 0.0.1, if you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...

7.5CVSS3.6AI score0.01412EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2021/05/18 4:7 p.m.13 views

kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.5CVSS6.7AI score0.00225EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/05/18 2:39 p.m.4 views

unbound: symbolic link traversal when writing PID file

A symbolic link traversal vulnerability was found in unbound in the way it writes its PID file while starting up. This flaw allows a local attacker with access to the unbound user to set up a link to another file, owned by root, and make unbound overwrite it during its next restart, destroying th...

5.5CVSS7.2AI score0.00484EPSS
Exploits0References4
OSV
OSV
added 2021/04/20 4:46 p.m.2 views

GHSA-G4MQ-6FP5-QWCF Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6.7AI score0.004EPSS
Exploits1References15
OSV
OSV
added 2021/03/26 5:15 p.m.1 views

DEBIAN-CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.5CVSS6.3AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2021/03/26 5:15 p.m.14 views

AZL-6528 CVE-2020-35508 affecting package kernel for versions less than 5.10.78.1-1

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.5CVSS6.6AI score0.00225EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2021/03/26 4:45 p.m.38 views

CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

4.5CVSS5.7AI score0.00225EPSS
Exploits0
Cvelist
Cvelist
added 2021/03/26 4:45 p.m.46 views

CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

5.3AI score0.00225EPSS
Exploits0References3
Rows per page
Query Builder