48 matches found
CVE-2024-58095
In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon call Added a read-only check before calling txBeginAnon in extAlloc and extRecord. This prevents modification attempts on a read-only mounted filesystem, avoiding potential errors or...
CVE-2025-1127 Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem...
CVE-2024-23266
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system...
GHSA-7452-XQPJ-6RPC moby Access to remapped root allows privilege escalation to real root
Impact When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/ that cause writing files with extended privileges. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation fr...
Design/Logic Flaw
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...
CVE-2020-8907
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and...
CVE-2020-8933 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within ...
CVE-2020-8907
Removed by vendor...
CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and...
CVE-2020-3336 Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service DoS or gain privileged access to the root filesystem. The vulnerabili...
CVE-2020-5237
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem potentially leading to arbitrary code execution via the 1 filename parameter to BlueimpController.php; the 2 dzchunkindex...
Code injection
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...
CVE-2019-12789
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...
CVE-2019-6618
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and i...
CVE-2018-4045
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root...
CVE-2018-4033
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root...
MacPaw CleanMyMac X Input Validation Vulnerability (CNVD-2019-23274)
MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform. The product is capable of removing junk files, history cache, logs, etc. from your computer. An input validation vulnerability exists in MacPaw CleanMyMac X version 4.04, which can be exploited by a local attacker to modify t...
MacPaw CleanMyMac X Input Validation Vulnerability (CNVD-2019-23283)
MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform. The product is capable of removing junk files, history cache, logs, etc. from your computer. An input validation vulnerability exists in the MacPaw CleanMyMac X version 4.04 helper service, which can be exploited by a local...
MacPaw CleanMyMac X Input Validation Vulnerability (CNVD-2019-23276)
MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform. The product is capable of removing junk files, history cache, logs, etc. from your computer. An input validation vulnerability exists in the MacPaw CleanMyMac X version 4.04 helper service, which can be exploited by a local...
MacPaw CleanMyMac X Input Validation Vulnerability (CNVD-2019-23278)
MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform. The product is capable of removing junk files, history cache, logs, etc. from your computer. An input validation vulnerability exists in the MacPaw CleanMyMac X version 4.04 helper service, which can be exploited by a local...