
754 matches found

CVE
added 2020/07/05 9:4 p.m. | 60 views

CVE-2020-15542

Summary: CVE-2020-15542 affects SolarWinds Serv-U FTP Server prior to version 15.2.1, due to mishandling of the CHMOD command. The connected documents confirm the vendor release of 15.2.1 as a fix (per Serv-U 15-2-1 release notes). Impact (as stated): The CVSS metrics in the reference indicate hi...

CVSS 9.8 | AI score 9.3 | EPSS 0.04449
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2020/06/12 4:15 p.m. | 17 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...

CVSS 7.8 | AI score 6.8 | EPSS 0.00224
Exploits: 1 | References: 6
NVD
added 2020/06/12 4:15 p.m. | 15 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...

CVSS 7.8 | EPSS 0.00224
Exploits: 1 | References: 6
UbuntuCve
added 2020/06/12 4:15 p.m. | 23 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...

CVSS 7.8 | AI score 7 | EPSS 0.00224
Exploits: 1 | References: 9
Cvelist
added 2020/06/12 3:4 p.m. | 18 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...

AI score 7.7 | EPSS 0.00224
Exploits: 1 | References: 6
Debian CVE
added 2020/06/12 3:4 p.m. | 24 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...

CVSS 7.8 | AI score 7.2 | EPSS 0.00224
Exploits: 1
CVE
added 2020/06/12 3:4 p.m. | 155 views

CVE-2020-14004

CVE-2020-14004 affects Icinga2 prior to 2.12.0-rc1. The prepare-dirs script used by icinga2/systemd runs chmod 2750 on /run/icinga2/cmd, which is under an unprivileged user by default. If /run/icinga2/cmd is a symlink, an unprivileged icinga2 user can follow it and change arbitrary files to mode ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00224
Exploits: 1 | References: 6 | Affected Software: 1
RedhatCVE
added 2020/04/08 5:15 p.m. | 54 views

CVE-2016-7097

It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in ...

CVSS 4.4 | AI score 3.1 | EPSS 0.00053
Exploits: 0 | References: 1
UbuntuCve
added 2020/02/04 5:15 p.m. | 51 views

CVE-2020-7221

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product,...

CVSS 7.8 | AI score 7 | EPSS 0.00269
Exploits: 1 | References: 4
OSV
added 2020/02/04 5:15 p.m. | 0 views

UBUNTU-CVE-2020-7221

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product,...

CVSS 7.8 | AI score 7 | EPSS 0.00269
Exploits: 1 | References: 5
Prion
added 2020/02/04 5:15 p.m. | 17 views

Privilege escalation

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product,...

CVSS 7.2 | AI score 7.5 | EPSS 0.00269
Exploits: 1 | References: 3 | Affected Software: 1
Debian CVE
added 2020/02/04 4:57 p.m. | 27 views

CVE-2020-7221

Removed by vendor...

CVSS 7.8 | AI score 8 | EPSS 0.00269
Exploits: 1
OpenVAS
added 2020/02/03 12:0 a.m. | 6 views

Linux: /etc/issue.net chmod

/etc/issue.net is a text file which contains a message or system identification to be printed before the login prompt for users who connect from the network. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...

AI score 7.3
Exploits: 0 | References: 4
NVD
added 2020/01/23 3:15 p.m. | 13 views

CVE-2012-2087

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

CVSS 9.8 | AI score 9.5 | EPSS 0.03332
Exploits: 1 | References: 4
Prion
added 2020/01/23 3:15 p.m. | 9 views

Input validation

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

CVSS 7.5 | AI score 7.2 | EPSS 0.03332
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2020/01/23 1:57 p.m. | 15 views

CVE-2012-2087

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

AI score 9.6 | EPSS 0.03332
Exploits: 1 | References: 4
OpenVAS
added 2020/01/16 12:0 a.m. | 7 views

Linux: SSH /etc/ssh/sshd_config chown

The /etc/ssh/sshd_config file contains configuration specifications for sshd. This should be protected from unauthorized changes by non-privileged users. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

AI score 7.3
Exploits: 0 | References: 3
CNVD
added 2019/10/16 12:0 a.m. | 2 views

cPanel Security Feature Issue Vulnerability (CNVD-2019-36151)

cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security signature issue vulnerability exists in cPanel versions prior to 70.0.23. An attacker can exploit this vulnerability t...

CVSS 7.1 | AI score 7 | EPSS 0.00061
Exploits: 0 | References: 1
CNVD
added 2019/10/16 12:0 a.m. | 2 views

cPanel Authorization Issues Vulnerability (CNVD-2019-36140)

cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in versions of cPanel prior to 11.54.0.4. The vulnerability stems from a lack of...

CVSS 8.5 | AI score 7 | EPSS 0.00427
Exploits: 0 | References: 1
CVE
added 2019/08/05 12:55 p.m. | 44 views

CVE-2016-10771

CVE-2016-10771 affects cPanel before 60.0.25, allowing file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). The issue resides in the ModSecurity audit logfile processing path, enabling unauthorized changes to filesystem state. Multiple connected sources cor...

CVSS 8.1 | AI score 8 | EPSS 0.00357
Exploits: 0 | References: 1 | Affected Software: 1