79 matches found
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter...
ALLDATA Security Vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version v0.4.6 that originated from allowing an attacker to run arbitrary commands via the processId...
kernel: drm/amdkfd: Fix double release compute pasid
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid. If kfd_process_device_init_vm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file...
PT-2023-22636 · Unknown · Shimo Vpn Client
Name of the Vulnerable Software and Affected Versions: Shimo VPN Client for macOS version 5.0.4 Description: An issue in the helper tool of Shimo VPN Client for macOS allows attackers to bypass authentication via PID re-use. Recommendations: For Shimo VPN Client for macOS version 5.0.4, update to...
DEBIAN-CVE-2023-24626
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2023-21768-POC CVE-2023-21768: Windows 11 2...
SUSE CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...
SUSE CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...
SUSE CVE-2019-20794
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID...
SmokePing Security Vulnerability
SmokePing is a network monitoring software developed by Tobias Oetiker, a Swiss software developer. The program's function is to monitor network performance, including monitoring www server performance, monitoring DNS query performance, monitoring SSH performance, and so on. A security...
PT-2022-2284 · Swhkd · Swhkd
Name of the Vulnerable Software and Affected Versions: SWHKD version 1.1.5 Description: The issue is related to the unsafe use of the /tmp/swhks.pid pathname, which can lead to data loss or a denial of service. An attacker could exploit this to impact data integrity or cause a service disruption...
Process-Dump - Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis
Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject...
polkit Code Issue Vulnerability
polkit is a component for controlling system-wide permissions in Unix-like operating systems. It enables communication between processes of different privilege levels by defining and auditing permission rules. A code issue vulnerability exists in polkit that stems from the inability of a requesting proce...
CVE-2020-14317
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script ...
The vulnerability of the Exim message transfer agent, related to privilege management errors, allows a hacker to elevate their privileges within the system.
The vulnerability of the Exim message transfer agent is related to privilege management errors. Exploiting this vulnerability can allow an attacker to elevate privileges within the system by sending the file’s PID...
Exim Permissions, Privileges and Access Control Issue Vulnerability
Exim is an open source message transfer agent (MTA) that runs on Unix systems and is responsible for routing, forwarding and delivering mail. Exim suffers from a privilege-permission and access-control issue vulnerability that stems from an insecure way in which the application uses a PID file. A local us...
UBUNTU-CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...
CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate...
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...
DEBIAN-CVE-2011-1136
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file...