CVE-2022-40284

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon...

CVE-2022-40284

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon...

Exploit for Command Injection in Zmanda Amanda

Suggested description Amanda 3.5.1 has a flaw that allows...

CVE-2022-3421

An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...

CVE-2022-3421

An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...

Code injection

An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...

CVE-2022-3421 Privilege escalation in Google Drive for Desktop on MacOS

An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...

Google Drive for desktop 安全漏洞

Google Drive for desktop is a desktop synchronization client from Google USA. It allows you to easily manage and share content across all your devices and in the cloud. A security vulnerability exists in Google Drive for desktop versions prior to 64.0, which stems from the fact that an attacker c...

PT-2022-22080 · Google · Google Drive For Desktop

Name of the Vulnerable Software and Affected Versions: Google Drive for Desktop versions prior to 64.0 Description: An attacker can pre-create the "/Applications/Google Drive.app/Contents/MacOS" directory, which is expected to be owned by root, to be owned by a non-root user. When the Drive for...

CVE-2022-3421

CVE-2022-3421 (Google Drive for Desktop on macOS) is a privilege-escalation vulnerability affecting versions prior to 64.0. An attacker can pre-create the directory /Applications/Google Drive.app/Contents/MacOS, which should be root-owned. On first install, the installer places a binary in that d...

EulerOS Virtualization 3.0.6.6 : iproute (EulerOS-SA-2022-2507)

According to the versions of the iproute package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - iproute2 before 5.1.0 has a use-after-free in getnetnsidfromname in ip/ipnetns.c. NOTE: security relevance may be limited to...

Debian DSA-5233-1 : e17 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5233 advisory. - enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames tha...

PT-2022-4899 · Unknown · Enlightenment

Name of the Vulnerable Software and Affected Versions: Enlightenment versions prior to 0.25.4 Description: The issue is related to the Enlightenment window manager's system file, specifically with the enlightenment sys component. It is setuid root and mishandles pathnames that begin with a /dev/...

CVE-2021-3020

An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...

Ubuntu: Security Advisory (USN-72-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-94-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-3020

Removed by vendor...

CVE-2021-3020

An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...