Lucene search
K

256 matches found

RedHat Linux
RedHat Linux
added 2019/05/08 12:4 p.m.5 views

wildfly: Race condition on PID file allows for termination of arbitrary processes by local users

A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...

5.5CVSS6AI score0.0019EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/11/26 12:31 p.m.8 views

mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

5.3CVSS7.1AI score0.0081EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/11/26 12:31 p.m.219 views

Moderate: Red Hat Security Advisory: rh-mysql57-mysql security update

An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.7CVSS6.4AI score0.04445EPSS
Exploits0References64
OSV
OSV
added 2018/09/05 9:29 p.m.6 views

CVE-2018-16145

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...

8.1CVSS5.8AI score0.02308EPSS
Exploits3References4
OSV
OSV
added 2018/07/31 7:29 p.m.8 views

CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...

7.8CVSS5.5AI score0.00423EPSS
Exploits0References7
Debian
Debian
added 2018/07/20 9:51 a.m.25 views

[SECURITY] [DLA 1435-1] dnsmasq regression update

Package : dnsmasq Version : 2.72-3+deb8u3 Debian Bug : 860064 The dns-root-data update to 2017072601deb8u2 broke dnsmasqs init script, making dnsmasq no longer start when dns-root-data was installed. This update fixes dnsmasqs parsing of dns-root-data. For Debian 8 "Jessie", this problem has been...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/07/05 12:0 a.m.2 views

PostgreSQL Backlink Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A backlink vulnerability exists in the Red Hat initialization scrip...

7.2CVSS7.1AI score0.00541EPSS
Exploits0References1
OSV
OSV
added 2018/05/22 5:29 p.m.6 views

CVE-2016-8656

Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation...

7.8CVSS5.8AI score0.00366EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2018/05/17 6:27 p.m.5 views

jboss: jbossas writable config files allow privilege escalation

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...

7.8CVSS5.8AI score0.00423EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/05/17 6:27 p.m.6 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

7.8CVSS7.3AI score0.00366EPSS
Exploits0References4
Fedora
Fedora
added 2018/04/19 12:32 a.m.44 views

[SECURITY] Fedora 27 Update: corosync-2.4.4-1.fc27

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...

7.5CVSS2.5AI score0.03172EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/03/21 2:46 p.m.4 views

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

5.6CVSS7.2AI score0.0136EPSS
Exploits0References4
CNVD
CNVD
added 2018/03/05 12:0 a.m.3 views

Micro Focus SUSE Linux Enterprise Server Competitive Conditions Vulnerability

Micro Focus SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from Micro Focus in the UK. A competitive condition vulnerability exists in the postgresql init script in Micro Focus SUSE Linux Enterprise Server. An attacker can exploit this vulnerability t...

7.3CVSS6.9AI score0.00978EPSS
Exploits4References1
OSV
OSV
added 2018/03/01 8:29 p.m.2 views

CVE-2017-14798

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root...

7CVSS5.8AI score0.00978EPSS
Exploits4References4
CVE
CVE
added 2018/03/01 7:0 p.m.187 views

CVE-2017-14798

CVE-2017-14798 describes a race condition in the PostgreSQL init script that could allow an attacker who can access the postgres account to escalate privileges to root. Public material (including exploit code and security advisories) confirms the vulnerability path via the init script and local a...

7.3CVSS7.1AI score0.00978EPSS
Exploits4References4Affected Software1
RedHat Linux
RedHat Linux
added 2018/02/06 1:0 p.m.6 views

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

5.6CVSS7.2AI score0.0136EPSS
Exploits0References4
OSV
OSV
added 2018/01/10 7:29 p.m.5 views

CVE-2017-12189

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656...

7.8CVSS7.3AI score0.00337EPSS
Exploits0References6
NVD
NVD
added 2018/01/10 7:29 p.m.30 views

CVE-2017-12189

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656...

7.8CVSS7.2AI score0.00337EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/01/03 10:49 a.m.4 views

jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

7.8CVSS7.3AI score0.00366EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/01/03 10:31 a.m.4 views

jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

7.8CVSS7.3AI score0.00366EPSS
Exploits0References4
Rows per page
Query Builder