7 matches found
Code injection
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2019-17365
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...
CVE-2019-17365
Summary: CVE-2019-17365 affects Nix up to version 2.3, where local users can gain access to arbitrary user accounts due to the parent directory of user-profile directories being world-writable. This local elevation of privilege is supported by multiple related entries (e.g., Red Hat and NVD recor...
NixOS Nix CVE-2019-17365 Local Privilege Escalation Vulnerability
Description NixOS Nix is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Nix versions through 2.3 are vulnerable. Technologies Affected NixOS Nix 1.0 NixOS Nix 1.5 NixOS Nix 1.9...
Wacom update helper tool startProcess privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to...