Lucene search
K

91 matches found

OSV
OSV
added 2023/01/12 8:25 a.m.41 views

RLSA-2023:0099 Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...

6.5CVSS6.4AI score0.00281EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/06/22 12:0 a.m.36 views

openSUSE 15 Security Update : firejail (openSUSE-SU-2022:10015-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10015-1 advisory. - A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the...

7.8CVSS7.4AI score0.00382EPSS
Exploits0References4
Veracode
Veracode
added 2022/06/13 2:16 p.m.22 views

Privilege Escalation

firejail is vulnerable to privilege escalation. The vulnerability exists due to a Privilege Context Switching issue allowing an attacker to craft a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target allowing a local attacker can enter an environment in...

7.8CVSS7AI score0.00382EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2022/06/09 4:15 p.m.16 views

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

7.8CVSS6.8AI score
Exploits0References8
NVD
NVD
added 2022/06/09 4:15 p.m.15 views

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

7.8CVSS0.00382EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2022/06/09 4:15 p.m.31 views

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

7.8CVSS7.2AI score0.00382EPSS
Exploits0References2
Prion
Prion
added 2022/06/09 4:15 p.m.18 views

Design/Logic Flaw

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

7.2CVSS7.5AI score0.00382EPSS
Exploits0References8Affected Software3
Debian CVE
Debian CVE
added 2022/06/09 12:0 a.m.37 views

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

7.8CVSS7.6AI score0.00382EPSS
Exploits0
Cvelist
Cvelist
added 2022/06/09 12:0 a.m.34 views

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

7.8AI score0.00382EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2021/10/07 12:0 a.m.27 views

Photon OS 1.0: Docker PHSA-2021-1.0-0439

An update of the docker package has been released. - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission...

7.8CVSS5.9AI score0.00482EPSS
Exploits0References3
Prion
Prion
added 2021/10/04 5:15 p.m.26 views

Design/Logic Flaw

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...

7.2CVSS6.5AI score0.00482EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2021/06/16 8:15 p.m.14 views

Design/Logic Flaw

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...

7.2CVSS6.8AI score0.01355EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/06/16 7:55 p.m.38 views

CVE-2021-34204

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...

6.9AI score0.01355EPSS
Exploits1References2
NVD
NVD
added 2020/05/13 7:15 p.m.16 views

CVE-2020-2016

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting anothe...

8.5CVSS7.2AI score0.00568EPSS
Exploits0References1
Prion
Prion
added 2020/05/13 7:15 p.m.13 views

Race condition

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting anothe...

8.5CVSS7.2AI score0.00568EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2020/05/13 4:0 p.m.52 views

PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting anothe...

7CVSS2.2AI score0.00568EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.24 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libmirage (EulerOS-SA-2020-1565)

According to the versions of the libmirage package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.CVE-2019-15757 -...

7.8CVSS6.6AI score0.01588EPSS
Exploits2References3
NVD
NVD
added 2020/01/29 4:15 p.m.21 views

CVE-2019-7656

A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...

7.8CVSS7.8AI score0.00451EPSS
Exploits1References4
Prion
Prion
added 2020/01/29 4:15 p.m.14 views

Privilege escalation

A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...

7.2CVSS7.8AI score0.00451EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/01/29 3:21 p.m.19 views

CVE-2019-7656

A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...

7.9AI score0.00451EPSS
Exploits1References4
Rows per page
Query Builder