8022 matches found
CVE-2023-1326 local privilege escalation in apport-cli
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate...
CVE-2023-1326
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate...
UBUNTU-CVE-2023-1326
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate...
PT-2023-16898 · Unknown +2 · Apport-Cli +2
Name of the Vulnerable Software and Affected Versions: apport-cli versions 2.26.0 and earlier Description: A privilege escalation attack was found, similar to a known issue, which can be exploited by a local attacker if the system is specially configured. This configuration includes allowing...
The vulnerability of the command-line interface (CLI) of Cisco Aironet Access Point microprogramming software allows a attacker to execute arbitrary commands with root privileges.
The vulnerability of the command-line interface CLI of Cisco Aironet Access Point software exists because measures to neutralize special elements used in operating system commands have not been taken. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root...
CVE-2023-29581
yasm 1.3.0.55.g101bc has a segmentation violation in the function deleteToken at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to ...
CVE-2023-29580
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasmexprcreate at /libyasm/expr.c...
Vulnerabilities fixed in Fortinet FortiWeb and FortiADC
Fortinet has fixed vulnerabilities in FortiWeb and FortiADC. A malicious party can exploit the vulnerability with reference CVE-2022-43955 exploit to perform a cross-site scripting attack XSS on the web interface of the vulnerable systems. Such an attack can lead to execution of code within the...
CVE-2023-26554
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26551
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26553
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Impact Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using vtctldclient GetKeyspaces will also return an error. Note th...
Privilege Escalation
org.apache.james:james-server-cli is vulnerable to Privilege Escalation. The library does not require admin privileges to access the JMX management service by default, which allows a local authenticated attacker to elevate their privileges...
[SECURITY] Fedora 37 Update: podman-4.4.4-3.fc37
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
CVE-2023-20153
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
CVE-2023-20023
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
CVE-2023-20022
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
Command injection
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
CVE-2023-20021
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
CVE-2023-20023 Cisco Identity Services Engine Privilege Escalation Vulnerabilities
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...