Lucene search
K

429 matches found

AlpineLinux
AlpineLinux
added 2025/05/26 3:18 p.m.13 views

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8CVSS6.6AI score0.00201EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/05/21 11:6 a.m.2 views

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. elf: Ignore LDLIBRARYPATH and debug env var for setuid for static bsc1243317 pthreads NPTL: lost wakeup fix 2 bsc1234128, BZ 25847 Mark functions in...

9.4CVSS7.3AI score0.00433EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/02/05 2:11 a.m.22 views

CVE-2024-2746

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

8.8CVSS6.7AI score0.00289EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/11/22 3:51 a.m.6 views

SUSE CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

7.8CVSS7.7AI score0.19924EPSS
Exploits15References3
Amazon
Amazon
added 2024/10/14 12:0 a.m.8 views

Important: oath-toolkit

Issue Overview: oath-toolkit: Local root exploit in a PAM module CVE-2024-47191 Affected Packages: oath-toolkit Issue Correction: Run dnf update oath-toolkit --releasever 2023.6.20241010 to update your system. New Packages: aarch64: libpskc-debuginfo-2.6.12-1.amzn2023.0.1.aarch64 ...

7.1CVSS7.2AI score0.00341EPSS
Exploits0
NVD
NVD
added 2024/05/08 2:15 a.m.21 views

CVE-2024-2746

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

8.8CVSS7.7AI score0.00213EPSS
Exploits1References1
OSV
OSV
added 2024/05/08 2:15 a.m.6 views

AZL-40340 CVE-2024-1929 affecting package dnf5 for versions less than 5.1.11-3

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...

8.4CVSS5.7AI score0.00289EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 1:55 a.m.29 views

CVE-2024-2746 Incomplete fix for CVE-2024-1929

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

8.8CVSS8AI score0.00213EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/08 1:53 a.m.14 views

CVE-2024-1929 Local Root Exploit via Configuration Dictionary

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...

7.5CVSS7.3AI score0.00289EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 1:53 a.m.27 views

CVE-2024-1929 Local Root Exploit via Configuration Dictionary

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...

7.5CVSS8.2AI score0.00289EPSS
Exploits1References1
CVE
CVE
added 2024/05/08 1:53 a.m.60 views

CVE-2024-1929

CVE-2024-1929 is a local root vulnerability in dnf5daemon-server prior to 5.1.17. The issue stems from a D-Bus config map (open_session) where an untrusted nested config map under the key

8.4CVSS6.9AI score0.00289EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/08 12:0 a.m.4 views

PT-2023-21162 · Xcat · Xcat

Name of the Vulnerable Software and Affected Versions: xCAT versions prior to 2.16.5 Description: xCAT is a toolkit for deployment and administration of computer clusters. If zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obta...

8.8CVSS8.4AI score0.00853EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.16 views

SUSE: Security Advisory (SUSE-SU-2020:1790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.00857EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.16 views

SUSE: Security Advisory (SUSE-SU-2019:13976-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.7AI score0.00503EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2020:1788-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.1AI score0.00857EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2020:1791-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.1AI score0.00857EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2020:1789-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.1AI score0.00857EPSS
Exploits1References4
Gitee
Gitee
added 2020/12/02 11:37 a.m.8 views

Exploit for CVE-2016-2384

This repository contains proof-of-concept exploits for two Linux kernel vulnerabilities: CVE-2016-2384 and CVE-2017-6074. CVE-2016-2384 is a double-free vulnerability in the USB MIDI driver. The exploit is a part of a proof-of-concept exploit for the vulnerability in the usb-midi driver. It is...

7.8CVSS6.7AI score0.0596EPSS
Exploits20
Gitee
Gitee
added 2020/09/11 5:2 p.m.6 views

Exploit for CVE-2014-7911

This is a local root exploit for Nexus5 Android 4.4.4KTU84P. The exploit is based on the CVE-2014-7911 vulnerability, which is a privilege escalation vulnerability in the Android operating system. The exploit is designed to gain root access on the device. The exploit is implemented in Java and us...

7.2CVSS7.3AI score0.2435EPSS
Exploits6
OSV
OSV
added 2020/06/29 6:20 p.m.8 views

OPENSUSE-SU-2020:0911-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions bsc1172405 This update was imported from the SUSE:SLE-15-SP1:Update update project...

7.8CVSS6.5AI score0.00857EPSS
Exploits1References3
Rows per page
Query Builder