CVE-2024-8807
CVE-2024-8807 : Cohesive Networks VNS3 has a command injection vulnerability in its web service (listening on port 8000 by default). The flaw stems from insufficient validation of a user-supplied string before it is used to execute a system call, allowing an attacker to run code with root privile...
CVE-2024-48336
CVE-2024-48336 affects Magisk App; the install() function in ProviderInstaller.java fails to verify the GMS app before loading it, permitting a local untrusted app to silently execute code in Magisk and escalate to root. Affected: Magisk App builds before Canary 27007. Root cause: loading code fr...
Mageia: Security Advisory (MGASA-2024-0335)
The remote host is missing an update for the...
MGASA-2024-0335 Updated oath-toolkit packages fix security vulnerability
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability
A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...
CVE-2024-47191
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...
DEBIAN-CVE-2024-47191
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...
AZL-50124 CVE-2024-47191 affecting package oath-toolkit for versions less than 2.6.9-2
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...
Distro Linux Workbooth Access Control Error Vulnerability
Distro Linux Workbooth is an open source application for Distro Linux. An access control error vulnerability exists in Distro Linux Workbooth version v2.5, which originates from allowing privileges to be elevated to the root user via manipulation of network configuration scripts...
UBUNTU-CVE-2024-47191
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...
pcp: pmpost symlink attack allows escalating pcp to root user
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges...
CVE-2024-40861
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges...
Cisco IOX XE Unauthenticated OS Command Execution
This module leverages both CVE-2023-20198 and CVE-2023-20273 against...
PT-2024-6670 · Unknown +3 · Oath Toolkit +3
Name of the Vulnerable Software and Affected Versions: oath-toolkit versions 2.6.7 through 2.6.11 Description: The issue is related to a local root exploit in the PAM module pam_oath.so of the oath-toolkit. It allows root privilege escalation because, in the context of PAM code running as root, i...
OESA-2024-1817 xorg-x11-server-xwayland security update
Xwayland is an X server for running X clients under Wayland...
PT-2024-4328
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server (affected versions not specified) Description: The vCenter Server has multiple local privilege escalation issues stemming from a misconfiguration of sudo. An authenticated local user with non-administrative privileges can...
RHEL 8 : pcp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pcp: unsafe use of directories allows pcp to root privilege escalation (CVE-2023-6917) Note that Nessus has not teste...
SUSE: Security Advisory (SUSE-SU-2024:1629-1)
The remote host is missing an update for the...
CVE-2024-27822
CVE-2024-27822 is a logic issue in macOS Sonoma components (notably PackageKit) that could allow a local app to gain root privileges. It is fixed in macOS Sonoma 14.5; affected systems should update to 14.5 to mitigate. The issue is documented as a local privilege elevation with root access poten...
CVE-2023-44404
D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...