Lucene search
K

44 matches found

SUSE CVE
SUSE CVE
added 2026/03/28 6:29 p.m.10 views

SUSE CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-3127

Malware in sbrugna...

7.8CVSS7.6AI score0.0025EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-12564

Malware in sbrugna...

7.8CVSS7.5AI score0.00275EPSS
Exploits0References5
Snyk
Snyk
added 2025/06/26 12:0 a.m.1 views

Allocation of Resources Without Limits or Throttling

Overview github.com/cri-o/cri-o/server is an OCI-based implementation of Kubernetes Container Runtime Interface Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the /etc/passwd file. An attacker with minimal privileges to...

7.1CVSS6.8AI score0.00224EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.14 views

RHEL 5 : libuser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libuser: TOCTOU race conditions by copying and removing directory trees CVE-2012-5630 - libuser: Security...

6.3CVSS6.5AI score0.06853EPSS
Exploits10References4
Positive Technologies
Positive Technologies
added 2024/03/08 12:0 a.m.6 views

PT-2024-22561 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP aka raspap-webgui versions 3.0.9 and earlier Description: The issue allows remote attackers to read the /etc/passwd file via a crafted request. Recommendations: For RaspAP aka raspap-webgui versions 3.0.9 and earlier, update to a versi...

6.5CVSS6.4AI score0.00689EPSS
Exploits1References7
OSV
OSV
added 2024/03/08 12:0 a.m.7 views

CVE-2024-28753

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...

6.5CVSS6.7AI score0.00689EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/08 12:0 a.m.14 views

CVE-2024-28753

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...

6.8AI score0.00689EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.20 views

EulerOS Virtualization 2.10.0 : shadow (EulerOS-SA-2023-2568)

According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...

3.3CVSS6.4AI score0.00428EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.26 views

EulerOS Virtualization 2.10.1 : shadow (EulerOS-SA-2023-2549)

According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...

3.3CVSS6.4AI score0.00428EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/07/31 12:0 a.m.23 views

EulerOS Virtualization 2.9.1 : shadow (EulerOS-SA-2023-2519)

According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...

3.3CVSS6.4AI score0.00428EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/04/17 7:30 a.m.51 views

CVE-2023-29383

A flaw was found in Shadow, where it is possible to inject control characters into fields provided to the SUID program change fingerchfn. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the...

5.5CVSS4.4AI score0.00428EPSS
Exploits1References5
Prion
Prion
added 2023/04/14 10:15 p.m.15 views

Design/Logic Flaw

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

1.7CVSS4AI score0.00428EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2021/10/06 3:12 p.m.132 views

CVE-2021-20264

CVE-2021-20264 is an in-container openjdk vulnerability where a local attacker with container access can modify /etc/passwd and escalate privileges. The issue affects Red Hat Build of OpenJDK in OpenJDK 1.8–11 deployments used by multiple products. As stated, exploitation is local and requires au...

7.8CVSS7.6AI score0.00262EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/05/26 10:15 p.m.37 views

CVE-2020-10695

An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges...

7.8CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/26 9:35 p.m.38 views

CVE-2020-10695

An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges...

7.7AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2021/03/24 5:15 p.m.25 views

CVE-2019-19352

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

7CVSS6.9AI score0.00255EPSS
Exploits0References2
Prion
Prion
added 2021/03/24 5:15 p.m.21 views

Design/Logic Flaw

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

6.9CVSS6.9AI score0.00331EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/03/24 4:19 p.m.72 views

CVE-2019-19354

The CVE concerns an insecure modification vulnerability in /etc/passwd within operator-framework/hadoop as shipped with Red Hat OpenShift 4. An attacker with container access could modify /etc/passwd and escalate privileges due to incorrect file privileges. Public advisories (RHSA-2020:1938) indi...

7.8CVSS7.6AI score0.00279EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/11/16 6:15 p.m.16 views

Arbitrary file deletion

There was a local file disclosure vulnerability in AVideo 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file...

5CVSS7.2AI score0.02623EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder