Lucene search
K

211 matches found

Positive Technologies
Positive Technologies
added 2025/09/20 12:0 a.m.6 views

PT-2025-38638

Name of the Vulnerable Software and Affected Versions Starch versions 0.14 and earlier Description Starch generates session IDs insecurely. The default session ID generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference...

9.1CVSS6.7AI score0.00336EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-14610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might...

7.8CVSS7.5AI score0.00322EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/05 11:23 p.m.13 views

CVE-2025-9934

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...

6.5CVSS6.8AI score0.03738EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.5 views

FreeBSD : p5-Authen-SASL -- Insecure source of randomness (defe9a20-781e-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the defe9a20-781e-11f0-97c4-40b034429ecf advisory. p5-Authen-SASL project reports: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...

6.5CVSS5.5AI score0.00394EPSS
Exploits0References3
OSV
OSV
added 2025/07/17 2:15 p.m.1 views

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.3AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2025/07/17 2:15 p.m.3 views

UBUNTU-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References5
OSV
OSV
added 2025/07/16 1:15 p.m.3 views

UBUNTU-CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS5.8AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-6417 · Amd +1 · Amd Crash Defender +1

Name of the Vulnerable Software and Affected Versions: AMD Crash Defender affected versions not specified Description: The issue is related to improper input validation in AMD Crash Defender, which could allow an attacker to provide the Windows system process ID to a kernel-mode driver. This coul...

5.5CVSS6.9AI score0.00126EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.2 views

AMD Graphics Driver 输入验证错误漏洞

AMD Graphics Driver is an integrated graphics driver from UltraMicroelectronics AMD. AMD Graphics Driver suffers from an input validation error vulnerability that stems from incorrect input validation could allow an attacker to provide the Windows® system process ID to the kernel-mode driver, whi...

5.5CVSS6.4AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.11 views

PT-2024-38682 · Unknown · Sensei Mac Cleaner

Name of the Vulnerable Software and Affected Versions: Sensei Mac Cleaner affected versions not specified Description: The issue allows an attacker to perform multiple operations as the root user, including arbitrary file deletion and writing, loading and unloading daemons, manipulating file...

7.8CVSS7AI score0.00151EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2024/10/14 12:0 a.m.2025 views

Vivo Fibra Askey RTF8225VW Command Execution

--- Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to the sh shell on the Vivo Fibra modem. This method essentially involves terminating the aspsh shell and invoking sh using the output of cat /dev/null. Using the pipe | is crucial for this...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.6 views

Apache bRPC 输入验证错误漏洞

Apache bRPC is the United States Apache Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. An input validation error vulnerability exists in Apache bRPC that stems from improper input validation in the product and can be exploited by an attacke...

9.8CVSS7.8AI score0.01522EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

Shimo VPN 授权问题漏洞

Shimo VPN is a VPN Virtual Private Network software for macOS platform. Mailbutler GmbH Shimo VPN Client for macOS version v5.0.4 suffers from a security vulnerability that stems from a vulnerability in the help tool that allows attackers to bypass authentication via PID reuse...

9.8CVSS8.4AI score0.01087EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.2 views

SUSE CVE-2011-1784

The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...

3.6CVSS6.4AI score0.00367EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.4 views

SUSE CVE-2014-1832

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on 1 controlprocess.pid or a 2 generation- file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831...

2.1CVSS6.6AI score0.00371EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.4 views

SUSE CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...

4.7CVSS9.1AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.3 views

SUSE CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...

5.3CVSS5.1AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.4 views

SUSE CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...

3.3CVSS6.6AI score0.00484EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.2 views

SUSE CVE-2020-15702

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate...

7CVSS7.4AI score0.0046EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.1 views

SUSE CVE-2020-28935

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...

4.4CVSS6.5AI score0.00484EPSS
Exploits0References9
Rows per page
Query Builder