1720 matches found
ALPINE-CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
DEBIAN-CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
Authorization
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
UBUNTU-CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
Fork CMS Cross-Site Scripting Vulnerability (CNVD-2019-01096)
Fork CMS is an open source content management system CMS developed using PHP. The system contains blogs , questions and answers , forms and other modules . A cross-site scripting vulnerability exists in the private/en/settings page in Fork CMS version 5.0.6. A remote attacker can exploit this...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
Design/Logic Flaw
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 is affected by a stored XSS in the private/en/settings facebook_admin_ids input (Admin ids). The root cause is unsanitized/unencoded input rendered to users, enabling arbitrary script execution in stored form. Exploitation status is not detailed in the provided documents. Multiple ...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork Exploit
/ When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt being shown to the user, asking the user to confirm the action by enteri...
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
/ When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt being shown to the user, asking the user to confirm the action by enteri...
CVE-2018-6337
folly::secureRandom will re-use a buffer between parent and child processes when fork is called. That will result in multiple forked children producing repeat or similar results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00...
Google Android 'copy_process' function elevation of privilege vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the 'copyprocess' function of the fork.c file in Android. A local attacker can exploit this vulnerability to execute arbitrary co...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...