44 matches found
SUSE CVE-2026-0394
When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...
EUVD-2020-3127
Malware in sbrugna...
EUVD-2020-12564
Malware in sbrugna...
Allocation of Resources Without Limits or Throttling
Overview github.com/cri-o/cri-o/server is an OCI-based implementation of Kubernetes Container Runtime Interface Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the /etc/passwd file. An attacker with minimal privileges to...
RHEL 5 : libuser (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libuser: TOCTOU race conditions by copying and removing directory trees CVE-2012-5630 - libuser: Security...
PT-2024-22561 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP aka raspap-webgui versions 3.0.9 and earlier Description: The issue allows remote attackers to read the /etc/passwd file via a crafted request. Recommendations: For RaspAP aka raspap-webgui versions 3.0.9 and earlier, update to a versi...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
EulerOS Virtualization 2.10.0 : shadow (EulerOS-SA-2023-2568)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
EulerOS Virtualization 2.10.1 : shadow (EulerOS-SA-2023-2549)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
EulerOS Virtualization 2.9.1 : shadow (EulerOS-SA-2023-2519)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
CVE-2023-29383
A flaw was found in Shadow, where it is possible to inject control characters into fields provided to the SUID program change fingerchfn. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the...
Design/Logic Flaw
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2021-20264
CVE-2021-20264 is an in-container openjdk vulnerability where a local attacker with container access can modify /etc/passwd and escalate privileges. The issue affects Red Hat Build of OpenJDK in OpenJDK 1.8–11 deployments used by multiple products. As stated, exploitation is local and requires au...
CVE-2020-10695
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges...
CVE-2020-10695
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges...
CVE-2019-19352
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
Design/Logic Flaw
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19354
The CVE concerns an insecure modification vulnerability in /etc/passwd within operator-framework/hadoop as shipped with Red Hat OpenShift 4. An attacker with container access could modify /etc/passwd and escalate privileges due to incorrect file privileges. Public advisories (RHSA-2020:1938) indi...
Arbitrary file deletion
There was a local file disclosure vulnerability in AVideo 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file...