Lucene search
K

216 matches found

SUSE CVE
SUSE CVE
added 2023/12/12 1:6 a.m.4 views

SUSE CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

4.9CVSS8.7AI score0.01326EPSS
Exploits0References3
OSV
OSV
added 2023/08/14 5:15 a.m.1 views

DEBIAN-CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

7.8CVSS7.3AI score0.0039EPSS
Exploits1References1
Veracode
Veracode
added 2023/07/26 4:35 a.m.18 views

Privilege Dropping

github.com/apptainer/apptainer is vulnerable to Privilege Dropping. The vulnerability exists because the library does not restore the old syscall setresuid behavior when escalating or dropping privileges, which allows an attacker to provide a maliciously crafted starter config to delete any...

6.1CVSS6.7AI score0.00241EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/06/11 12:0 p.m.16 views

RUSTSEC-2023-0042 Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.6 views

PT-2025-25948 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential use-after-free bug has been identified in the Linux kernel. The issue arises from the function raid5 release stripesh dropping the reference to sh, which may cause sh to be...

8.8CVSS5.8AI score0.12746EPSS
Exploits32References1132
CNVD
CNVD
added 2023/02/23 12:0 a.m.15 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2023-68439)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox prior to version 110, which originates when dragging and dropping an image, the size of the image may be disclosed, which can be...

6.5CVSS6.1AI score0.00767EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2023/02/21 7:33 p.m.20 views

K41515225: BIG-IP SSL connection security exposure

Security Advisory Description On a virtual server configured with both Client SSL and Server SSL profiles, when receiving a TCP FIN midstream in an SSL connection, the BIG-IP system immediately proxies the FIN to the remote host on the peer side. If the remote host on the peer side acknowledges t...

6.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.3 views

SUSE CVE-2012-2653

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon...

10CVSS7.3AI score0.03202EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.2 views

SUSE CVE-2014-9773

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the 1 LIST, 2 CLEAR, or 3 MODIFY keyword nicks...

7.5CVSS7AI score0.02041EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.3 views

SUSE CVE-2017-6348

The hashbindelete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service deadlock via crafted operations on IrDA devices...

6.2CVSS6AI score0.00381EPSS
Exploits0References10
OSV
OSV
added 2022/12/07 1:15 a.m.1 views

DEBIAN-CVE-2022-42329

Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...

5.5CVSS6.4AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2022/12/07 1:15 a.m.16 views

AZL-11584 CVE-2022-42329 affecting package kernel for versions less than 5.15.92.1-1

Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...

5.5CVSS6.7AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2022/12/07 1:15 a.m.9 views

CVE-2022-42328

Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...

5.5CVSS6.8AI score
Exploits0References6
Kitploit
Kitploit
added 2022/05/27 12:30 p.m.35 views

Ransomware-Simulator - Ransomware Simulator Written In Golang

The goal of this repository is to provide a simple, harmless way to check your AV's protection on ransomware. This tool simulates typical ransomware behaviour, such as: Staging from a Word document macro Deleting Volume Shadow Copies Encrypting documents embedded and dropped by the simulator into...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2022/05/25 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-5439-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS7.2AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:41 p.m.11 views

GHSA-68P4-PJPF-XWCQ insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

5.3CVSS5AI score0.01359EPSS
Exploits1References5
OSV
OSV
added 2022/05/14 1:5 a.m.20 views

GHSA-F9HX-5JQ4-FGJM phpMyAdmin CSRF Vulnerability

phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...

8.8CVSS8.4AI score0.08464EPSS
Exploits5References5
CloudLinux
CloudLinux
added 2022/04/25 6:6 p.m.71 views

Fix of CVE: CVE-2019-18276

CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...

7.8CVSS2.6AI score0.02608EPSS
Exploits5References1
OSV
OSV
added 2022/04/25 6:6 p.m.6 views

CLSA-2022-1650910003 Fix of CVE: CVE-2019-18276

CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...

7.8CVSS7.1AI score0.02608EPSS
Exploits5References1
OSV
OSV
added 2022/04/25 5:50 p.m.4 views

CLSA-2022-1650909007 Fixed CVE-2019-18276 in bash

CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...

7.8CVSS7.1AI score0.02608EPSS
Exploits5References1
Rows per page
Query Builder