25 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-37706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles...
Exploit for Improper Privilege Management in Enlightenment
CVE-2022-37706 Exploit: Enlightenment v0.25.3 Privilege Escala...
Fedora 37 : efl / enlightenment (2022-7090749bf4)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-7090749bf4 advisory. Update efl to 1.26.3, enlightenment to 0.25.4. Fixes CVE-2022-37706 Tenable has extracted the preceding description block directly from the Fedora...
Enlightenment v0.25.3 - Privilege escalation
Exploit Title: Enlightenment v0.25.3 - Privilege escalation Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 CVE ID: CVE-2022-37706 Descriptio...
SUSE CVE-2022-37706
enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
CVE-2022-37706
enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
CVE-2022-37706
enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
CVE-2022-37706
enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
CVE-2022-37706
enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
CVE-2022-37706
CVE-2022-37706 is a local privilege-escalation in Enlightenment where enlightenment_sys is setuid root and mishandles pathnames starting with /dev/.., allowing a local user to gain root privileges. Affected: Enlightenment before 0.25.4 (enlightenment_sys binary). Root cause: insecure handling of ...
Fedora 36 : efl / enlightenment (2022-0cc77b384a)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-0cc77b384a advisory. Update efl to 1.26.3, enlightenment to 0.25.4. Fixes CVE-2022-37706 Tenable has extracted the preceding description block directly from the Fedora...
openSUSE 15 Security Update : enlightenment (openSUSE-SU-2022:10153-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10153-1 advisory. - enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function...
Security update for enlightenment (important)
openSUSE Security Update: Security update for enlightenment Announcement ID: openSUSE-SU-2022:10153-1 Rating: important References: 1203631 Cross-References: CVE-2022-37706 Affected Products: openSUSE Backports SLE-15-SP4 An update that fixes one vulnerability is now available. Description: This...
Mageia: Security Advisory (MGASA-2022-0360)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated enlightenment packages fix security vulnerability
Updated enlightenment package to fix the security vulnerability, CVE-2022-37706 that would allow an user to gain root privileges...
MGASA-2022-0360 Updated enlightenment packages fix security vulnerability
Updated enlightenment package to fix the security vulnerability, CVE-2022-37706 that would allow an user to gain root privileges...
Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation Exploit
This Metasploit module exploits a command injection within Enlightenment's enlightenmentsys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested ...
Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubuntu Enlightenment Mount Priv Esc', 'Description' = %q This module exploits a command injection within Enlightenment's enlightenmentsys binary...
Ubuntu Enlightenment Mount Priv Esc
This module exploits a command injection within Enlightenment's enlightenmentsys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested on Ubuntu...
Debian DSA-5233-1 : e17 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5233 advisory. - enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames tha...