9 matches found
(Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
GHSA-6WXM-MPQJ-6JPF Insecure Temporary File usage in github.com/golang/glog
When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...
RHEL 4 : libsdp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsdp: insecure log file handling CVE-2010-4173 Note that Nessus has not tested for this issue but has instead...
RHEL 5 : libsdp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsdp: insecure log file handling CVE-2010-4173 Note that Nessus has not tested for this issue but has instead...
RHEL 6 / 7 : rh-mariadb101-mariadb and rh-mariadb101-galera (RHSA-2018:0574)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0574 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...
SUSE-SU-2023:2164-1 Security update for cloud-init
This update for cloud-init contains following fixes: - CVE-2021-3429: Do not write the generated password to the log file. bsc1184758 - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 Other fixes: - Change log file creation mode to 640. bsc1183939 - Write proper...
Updated mariadb packages fix security vulnerability
Root Privilege Escalation CVE-2016-6664. Unspecified vulnerability affecting the Optimizer component CVE-2017-3238. Unspecified vulnerability affecting the Charsets component CVE-2017-3243. Unspecified vulnerability affecing the DML component CVE-2017-3244. Unspecified vulnerability affecting...
Cisco Prime Infrastructure Remote Code Execution Vulnerability
Cisco Prime Infrastructure is a solution for wireless management through Cisco Technologies LMS and NCS. Cisco Prime Infrastructure has a remote code execution vulnerability in log file handling, which allows an authenticated, remote attacker to alter system file logs to execute arbitrary code...
The vulnerability of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.
The vulnerability of the Windows operating system exists due to incorrect handling of the event log file. The vulnerability can be exploited by opening the event log file created by the attacker. As a result of exploiting this vulnerability, an attacker who operates remotely can execute arbitrary...