52 matches found
CVE-2011-4125
An untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...
Privilege Escalation
github.com/moby/moby is vulnerable to privilege escalation. The vulnerability exists due to insecure permissions, which allow an attacker to traverse directory contents and execute programs...
CVE-2021-41091
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...
CVE-2021-41091
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...
containerd path traversal vulnerability
containerd is a container daemon from the Apache Foundation. This process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. A path traversal vulnerability exists in containerd, which stems from insufficiently restricted permissions on...
Security Bulletin: Vulnerabilities in GPFS affect InfoSphere BigInsights (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)
Summary: GPFS is an IBM component that can be used as a distributed file system in BigInsights. The GPFS that is shipped with InfoSphere BigInsights contains multiple security vulnerabilities. These vulnerabilities could allow a local attacker to execute programs with root privileges, and cause...
CVE-2020-27127 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...
CVE-2020-2049
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory...
Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory...
CVE-2017-1000117
A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...
[SECURITY] Fedora 20 Update: ktimer-4.14.1-1.fc20
KTimer is a little tool to execute programs after some time...
Fedora Update for ktimer FEDORA-2013-10182
Check for the Version of ktimer. OpenVAS Vulnerability Test: Fedora Update for ktimer FEDORA-2013-10182. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for ktimer FEDORA-2013-10130
Check for the Version of ktimer. OpenVAS Vulnerability Test: Fedora Update for ktimer FEDORA-2013-10130. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
Design/Logic Flaw
The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in...
CVE-2009-0389
WoW ActiveX 2.x is vulnerable to multiple remote code execution (RCE) vulnerabilities in the Web On Windows WOW ActiveX control. The CVE-2009-0389 description cites insecure methods (WriteIniFileString, ShellExecute) that can lead to arbitrary file writes or execution, and possible registry acces...
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
The remote host is missing updates announced in advisory GLSA 200606-07. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
The remote host is missing updates announced in advisory GLSA 200606-07. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
JDK untrusted applet/application privilege escalation (6661918)
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as...
CVE-2008-3109
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself...
SOL8424 - Java Runtime Environment Vulnerability - CVE-2008-0657
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges through an untrusted application or applet, as demonstrated by an application or applet that grants...