Lucene search
+L

246 matches found

Fedora
Fedora
added 2019/07/18 5:56 p.m.29 views

[SECURITY] Fedora 30 Update: virt-bootstrap-1.1.1-1.fc30

Provides a way to create the root file system to use for libvirt containers...

7.8CVSS3.3AI score0.00568EPSS
Exploits1
Prion
Prion
added 2019/06/04 10:29 p.m.16 views

Code injection

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods...

4CVSS6.4AI score0.00484EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/04 9:35 p.m.25 views

CVE-2019-5587

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods...

6.5AI score0.00484EPSS
Exploits0References2
Talos
Talos
added 2019/03/26 12:0 a.m.75 views

GOG Galaxy Games createFolderAtPath privilege escalation vulnerability

Summary An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories...

7.1CVSS5.8AI score0.00278EPSS
Exploits0
OSV
OSV
added 2019/03/23 11:8 a.m.7 views

OPENSUSE-SU-2019:0261-1 Security update for gvfs

This update for gvfs fixes the following issues: Security vulnerability fixed: - CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. bsc1125084 This update was imported from the SUSE:SLE-15:Update update project...

7CVSS7AI score0.00368EPSS
Exploits0References3
CNVD
CNVD
added 2019/03/12 12:0 a.m.5 views

Pixar Renderman Input Validation Vulnerability

Pixar Renderman is a rendering application used in animation and movie production. An input validation vulnerability exists in the Installation Helper tool in version 22.2.0 of Pixar Renderman for Mac OS X-based platforms. A local attacker can exploit the vulnerability to read the root file from...

7.1CVSS6.6AI score0.00522EPSS
Exploits1References1
OSV
OSV
added 2019/03/08 8:29 p.m.5 views

CVE-2018-4055

A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successful...

5.5CVSS5.8AI score0.00522EPSS
Exploits1References1
OSV
OSV
added 2019/01/10 3:29 p.m.5 views

CVE-2018-4032

An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit...

5.5CVSS5.8AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2019/01/10 3:29 p.m.3 views

CVE-2018-4037

The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root...

5.5CVSS5.8AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
added 2018/12/12 12:0 a.m.7 views

F5 BIG-IP APM and BIG-IP APM Clients svpn elevation of privilege vulnerability

F5 BIG-IP APM and BIG-IP APM Clients are both products of F5 Corporation in the U.S. F5 BIG-IP APM is a suite of access and security solutions. the APM Client is a suite of APM client software. svpn is one of the private VPN components. An elevation of privilege vulnerability exists in F5 BIG-IP...

7CVSS7.3AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2018/08/17 12:29 p.m.22 views

CVE-2018-5546

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of...

7.8CVSS7.5AI score0.00453EPSS
Exploits1References3
OSV
OSV
added 2018/08/17 12:29 p.m.5 views

CVE-2018-5546

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of...

7.8CVSS5.8AI score0.00484EPSS
Exploits1References3
OSV
OSV
added 2018/02/05 7:33 a.m.3 views

SUSE-SU-2018:0362-1 Security update for bind

This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named bsc1076118. These non-security issues were fixed: - Updated named.root fil...

7.5CVSS7.6AI score0.27725EPSS
Exploits0References5
OSV
OSV
added 2018/02/02 2:29 p.m.8 views

CVE-2017-14179

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers...

7.8CVSS5.8AI score0.00356EPSS
Exploits0References2
CNVD
CNVD
added 2018/01/25 12:0 a.m.3 views

Arbitrary file deletion vulnerability in XiaoCms background template.php and database.php pages

Based on PHP+Mysql architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms. XIAOCMS background template.php and database.php page there are arbitrary file deletion vulnerability. Attackers can successfully delete files in the root directory by...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.10 views

The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance lies in the improper restriction on the path to the restricted access catalog. This allows a malicious actor to delete arbitrary files with root privileges, bypass authentication procedures, or cause service failures.

The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance exists due to an incorrect restriction on the path name to the restricted catalog during the processing of the sessionid parameter from the cookie file. Exploiting this vulnerability allows a maliciou...

10CVSS7.7AI score0.93249EPSS
Exploits15References3Affected Software1
Cvelist
Cvelist
added 2017/11/17 2:0 a.m.28 views

CVE-2017-1000199

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handlerqcow.so resulting in non-privileged users being able to check for existence of any file with root privileges...

7.3AI score0.01463EPSS
Exploits0References2
NVD
NVD
added 2017/09/11 10:29 p.m.24 views

CVE-2017-14312

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account and similarly can have nagios.cfg owned by a non-root account, which allows local users to gain privileges by leveraging access to this non-ro...

7.8CVSS7.6AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2017/08/07 6:29 a.m.7 views

CVE-2017-6759

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

6.5CVSS5.9AI score0.01543EPSS
Exploits0References3
OSV
OSV
added 2017/04/12 10:59 a.m.1 views

CVE-2016-7552

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a sessionid cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS...

9.8CVSS5.9AI score0.93249EPSS
Exploits15References2
Rows per page
Query Builder