575 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-21290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

6.2 CVSS · 6.2 AI score · 0.01777 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/07/08 12:0 a.m. · 5 views

PT-2025-28647

Name of the Vulnerable Software and Affected Versions: Git versions 2.43.7 through 2.50.1. Description: Git contains a link following vulnerability stemming from inconsistent handling of carriage return characters in configuration files. This flaw allows attackers to execute arbitrary code via...

8.6 CVSS · 8.4 AI score · 0.02775 EPSS
Exploits 9 · References 243
Metasploit
added 2025/05/29 6:52 p.m. · 345 views

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...

5.8 AI score
Exploits 0
RedhatCVE
added 2025/05/23 1:14 a.m. · 14 views

CVE-2022-41954

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any other...

3.3 CVSS · 6.2 AI score · 0.00208 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:20 p.m. · 9 views

CVE-2021-22572

On Unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world-readable permissions. Any sensitive information written to these files is visible to all other loc...

5.5 CVSS · 6.3 AI score · 0.00128 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:18 p.m. · 6 views

CVE-2021-21331

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...

4.3 CVSS · 6.3 AI score · 0.00563 EPSS
Exploits 0 · References 1
Rosalinux
added 2025/04/11 9:49 p.m. · 11 views

Advisory ROSA-SA-2025-2807

Software: less 530 OS: ROSA Virtualization 3.0 packageevrstring: less-530-3.rv30 CVE-ID: CVE-2022-48624 BDU-ID: 2024-04438 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the closealtfile filename.c function for UNIX-like Less text terminals is related to the skipping of Shellquote calls for...

7.8 CVSS · 8.9 AI score · 0.01059 EPSS
Exploits 0
Cvelist
added 2025/02/25 8:13 p.m. · 25 views

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

8.8 CVSS · 0.00224 EPSS
Exploits 0 · References 8
Debian CVE
added 2025/02/25 8:13 p.m. · 7 views

CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

8.8 CVSS · 7.9 AI score · 0.00224 EPSS
Exploits 0
RedhatCVE
added 2025/02/14 12:47 p.m. · 12 views

CVE-2023-43123

On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...

5.5 CVSS · 5.9 AI score · 0.00346 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2025/02/03 12:0 a.m. · 5 views

The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems allows a perpetrator to cause service interruptions.

The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems is related to errors in resource release. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8 CVSS · 7.3 AI score · 0.00823 EPSS
Exploits 0 · References 4 · Affected Software 3
Redos
added 2025/01/21 12:0 a.m. · 18 views

ROS-20250121-04

A vulnerability in the RIB Revalidation component of a software tool that implements network routing on Unix-like FRRouting systems is related to triggering RIB reanalysis for FRR routers, using RTR, causing...

7.5 CVSS · 6.8 AI score · 0.00823 EPSS
Exploits 0
Positive Technologies
added 2025/01/18 12:0 a.m. · 4 views

PT-2025-4606 · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.17.0 Description: The issue arises from the gix-worktree-state specifying 0777 permissions when checking out executable files. This is intended to be restricted by the umask, but one of the strategies used to set...

6.8 CVSS · 6.2 AI score · 0.00361 EPSS
Exploits 0 · References 20
NVD
added 2024/12/23 4:15 p.m. · 16 views

CVE-2024-53256

Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rz_core_cmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...

7.8 CVSS · 0.01176 EPSS
Exploits 0 · References 3
OSV
added 2024/12/23 3:17 p.m. · 6 views

CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due to legacy code

Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rz_core_cmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...

7.8 CVSS · 7.3 AI score · 0.01176 EPSS
Exploits 0 · References 5
CNVD
added 2024/11/20 12:0 a.m. · 2 views

Unspecified vulnerability in FreeBSD (CNVD-2025-09233)

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD has security vulnerabilities, and no detailed vulnerability details are provided at this time...

6.5 CVSS · 6.8 AI score · 0.00305 EPSS
Exploits 0 · References 1
CNVD
added 2024/11/20 12:0 a.m. · 9 views

Unspecified vulnerability in FreeBSD (CNVD-2025-09234)

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD has security vulnerabilities, and no detailed vulnerability details are provided at this time...

6.5 CVSS · 6.8 AI score · 0.00378 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/11 12:0 a.m. · 2 views

Mutt security vulnerability

Mutt is a text-based e-mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt, which stems from the To and Cc e-mail headers not being verified by cryptographic signatures, thereby compromising the confidentiality of the e-mail...

6.5 CVSS · 7.2 AI score · 0.00331 EPSS
Exploits 0 · References 2
OSV
added 2024/11/08 3:7 p.m. · 2 views

OESA-2024-2351 hadoop security update

Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Security Fixes: Apache...

6.2 CVSS · 6.4 AI score · 0.00383 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/10/30 12:0 a.m. · 4 views

The vulnerability of the password_change.cgi web interface for Unix-like systems, Usermin, allows a perpetrator to execute an attack using brute-force methods.

The vulnerability of the password_change.cgi script in the Webmin hosting panel and the web interface for Unix-like systems, Usermin, is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability allows a malicious actor to execute an attack using brute-force methods...

5.3 CVSS · 5.6 AI score · 0.02499 EPSS
Exploits 5 · References 6 · Affected Software 2