Lucene search
+L

30 matches found

CVE
CVE
added 2024/11/14 7:7 p.m.75 views

CVE-2024-10394

CVE-2024-10394 describes a local vulnerability in OpenAFS where an attacker can bypass the PAG throttling on Unix clients, allowing the creation of a PAG with an existing id and potentially stealing credentials in that PAG. Multiple connected advisories confirm the issue affects OpenAFS and outli...

8.4CVSS5.8AI score0.00202EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/14 7:7 p.m.15 views

CVE-2024-10394 Theft of credentials in Unix client PAGs

A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...

8.4CVSS7.1AI score0.00202EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.5 views

PT-2024-16242 · Openafs +1 · Openafs +1

Name of the Vulnerable Software and Affected Versions: OpenAFS affected versions not specified Description: A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining...

8.4CVSS5.6AI score0.00563EPSS
Exploits0References26
Fedora
Fedora
added 2023/11/06 1:30 a.m.30 views

[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.2-1.fc39

Xwayland is an X server for running X clients under Wayland...

7.8CVSS7.3AI score0.0062EPSS
Exploits0
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.3 views

FreeRDP 安全漏洞

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. A security vulnerability exists in FreeRDP versions prior to 2.8.1, which stems from the fact that a FreeRDP-based client on a unix system using the /parallel command line switch may read...

7.5CVSS6.4AI score0.00829EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2021/11/09 5:37 p.m.4 views

squid: improper input validation in HTTP Range header

An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability...

6.5CVSS5.7AI score0.95785EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/07 11:0 p.m.35 views

Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients are vulnerable to unauthorized access to files by non-privileged users (CVE-2017-1301)

Summary IBM Spectrum Protect formerlyTivoli Storage Manager Unix Clients may use a symbolic link to provide non-privileged users access to files that require root privileges. Vulnerability Details CVEID: CVE-2017-1301 DESCRIPTION: IBM Spectrum Protect could allow a local attacker to launch a...

5.5CVSS0.8AI score0.00359EPSS
Exploits0Affected Software2
FreeBSD
FreeBSD
added 2007/09/11 12:0 a.m.37 views

samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...

6.9CVSS6.3AI score0.00724EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2004/02/03 12:0 a.m.40 views

smbmountDoS.txt

Announced: 2004-02-02 Type: Denial of Service Attack on Windows Impact: smbmount can stop Windows from sharing files Writer: Daniel Kabs, Germany [email protected] Credits: Thanks to Steve Ladjabi [email protected] Contents: 1. Abstract 2. Affected Systems 3. Attack Setup 4. Symptoms 5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/18 12:0 a.m.21 views

Cisco VPN 5000 Client - Buffer Overrun (2)

// source: https://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both installed setuid root by default. Malicious...

7.4AI score
Exploits0
Rows per page
Query Builder