
8 matches found

Gentoo Linux
added 2022/09/25 12:0 a.m., 36 views

Logcheck: Root privilege escalation

Background: Logcheck mails anomalies in the system logfiles to the administrator. Description: The pkg_postinst phase of the Logcheck ebuilds recursively chowns the /etc/logcheck and /var/lib/logcheck directories. If the logcheck user adds hardlinks to other files in these directories, the chown call will...

9.8 CVSS, 2.2 AI score, 0.00326 EPSS
Exploits: 1
NVD
added 2019/11/21 6:15 p.m., 9 views

CVE-2019-19191

Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...

7.8 CVSS, 7.6 AI score, 0.00172 EPSS
Exploits: 1, References: 3
OSV
added 2019/11/21 6:15 p.m., 5 views

CVE-2019-19191

Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...

7.8 CVSS, 7.6 AI score
Exploits: 0, References: 3
CNVD
added 2018/01/08 12:0 a.m., 3 views

GNU Coreutils Arbitrary File Modification Vulnerability

GNU Coreutils (GNU Core Utilities) is a package developed by the GNU Project that contains several basic tools required for Unix-like applications, such as textutils, shellutils (shell utilities), fileutils (file utilities), and so on. A security vulnerability exists in GN...

7.1 CVSS, 6.7 AI score, 0.00056 EPSS
Exploits: 1, References: 1
UbuntuCve
added 2017/11/24 5:29 a.m., 15 views

CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link...

7 CVSS, 7.1 AI score, 0.0003 EPSS
Exploits: 1, References: 2
Prion
added 2017/09/28 1:29 a.m., 8 views

Design/Logic Flaw

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use...

7.2 CVSS, 6.9 AI score, 0.00361 EPSS
Exploits: 3, References: 8, Affected Software: 1
Prion
added 2014/04/16 6:37 p.m., 15 views

Design/Logic Flaw

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...

7.5 CVSS, 8 AI score, 0.01486 EPSS
Exploits: 1, References: 3, Affected Software: 3
Tenable Nessus
added 2008/02/06 12:0 a.m., 9 views

SuSE 10 Security Update : Geronimo (ZYPP Patch Number 4967)

A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start.

5.5 AI score
Exploits: 0