Lucene search

83 matches found

RedhatCVE
added 2026/05/06 8:20 a.m., 6 views

CVE-2026-7791

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5 CVSS, 5.9 AI score, 0.00007 EPSS
Exploits: 0, References: 1

EUVD
added 2026/05/05 12:30 a.m., 8 views

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5 CVSS, 5.9 AI score, 0.00007 EPSS
Exploits: 0, References: 2

CVE
added 2026/05/04 10:07 p.m., 12 views

CVE-2026-7791

CVE-2026-7791 concerns the Skylight Workspace Config Service in Amazon WorkSpaces for Windows prior to version 2.6.2034.0. A flaw in log rotation privilege management lets a local non-admin authenticated user place arbitrary files in arbitrary locations, bypassing file system permissions and ena...

8.5 CVSS, 5.9 AI score, 0.00007 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/04 10:07 p.m., 1 view

CVE-2026-7791

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5 CVSS, 5.9 AI score, 0.00007 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/04 12:00 a.m., 7 views

Amazon WorkSpaces Security Vulnerability

Amazon WorkSpaces is a fully managed, persistent desktop virtualization service provided by Amazon, Inc. It allows your users to access the data, applications, and resources they need from any supported device, at any time. Versions of Amazon WorkSpaces prior to 2.6.2034.0 contained a security...

8.5 CVSS, 5.9 AI score, 0.00007 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/04 12:00 a.m., 6 views

PT-2026-36929

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces for Windows versions prior to 2.6.2034.0. Description: Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service allows a local non-admin authenticated user to place arbitrary files in...

8.5 CVSS, 5.9 AI score, 0.00007 EPSS
Exploits: 0, References: 7

OSV
added 2026/03/25 10:10 a.m., 1 view

SUSE-SU-2026:1010-1 Security update 5.0.7 for Multi-Linux Manager Server

This update fixes the following issues: branch-network-formula: - Update to version 1.1.0 Enable containers on SLE15SP7 Exclude podman interfaces from sysctl setting cobbler: - Compatibility fixes for tftpboot directory setup inter-server-sync: - Version 0.3.10-0 Write log to a rotated file witho...

7.5 CVSS, 7.1 AI score, 0.00036 EPSS
Exploits: 1, References: 43

OSV
added 2025/10/27 1:11 p.m., 1 view

SUSE-SU-2025:3809-1 Security update for rabbitmq-server

This update for rabbitmq-server fixes the following issues: - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests bsc1245105 - fixed a bad logrotate configuration that allowed escalation from rabbitmq to root, /var/log/rabbitmq ownership is now 750 bsc1246091...

6.7 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 1, References: 4

NVD
added 2025/10/07 8:15 p.m., 3 views

CVE-2025-11462

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...

9.3 CVSS, 0.00037 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/07 7:44 p.m., 7 views

CVE-2025-11462 Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...

9.3 CVSS, 0.00037 EPSS
Exploits: 0, References: 2

CVE
added 2025/10/07 7:44 p.m., 10 views

CVE-2025-11462

CVE-2025-11462 affects AWS VPN Client for macOS, versions 1.3.2–5.2.0. Improper validation of the log destination directory during log rotation allows a local user to create a symlink from a client log file to a privileged location, enabling code execution with root privileges if crafted API call...

9.3 CVSS, 7.3 AI score, 0.00037 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/10/07 12:00 a.m., 2 views

PT-2025-41169

Name of the Vulnerable Software and Affected Versions: AWS VPN Client for macOS versions 1.3.2 through 5.2.0. Description: A flaw exists in the AWS VPN Client for macOS that allows a local user to execute code with elevated privileges. Insufficient validation of the log destination directory during...

9.3 CVSS, 7.2 AI score, 0.00037 EPSS
Exploits: 0, References: 18

CNNVD
added 2025/10/07 12:00 a.m., 2 views

Amazon AWS VPN Client Security Vulnerability

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client versions 1.3.2 through 5.2.0, which stems from insufficient validation of the log target directory during log rotation, and could lead to elevation of...

9.3 CVSS, 7.7 AI score, 0.00037 EPSS
Exploits: 0, References: 3

OpenVAS
added 2025/07/18 12:00 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-0f490a9a10)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.7 AI score, 0.00028 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2025/07/18 12:00 a.m., 5 views

Fedora 41 : minidlna (2025-0f490a9a10)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0f490a9a10 advisory. Avoid restarting minidlna.service when rotating logs if it's not running. Fix CVE-2023-47430. Tenable has extracted the preceding description block directly...

7.5 CVSS, 5.5 AI score, 0.00028 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/07/18 12:00 a.m., 3 views

Fedora 42 : minidlna (2025-9fb8ee63fb)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9fb8ee63fb advisory. Avoid restarting minidlna.service when rotating logs if it's not running. Fix CVE-2023-47430. Tenable has extracted the preceding description block directly...

7.5 CVSS, 5.5 AI score, 0.00028 EPSS
Exploits: 1, References: 2

OpenVAS
added 2025/05/07 12:00 a.m., 4 views

Ensure That the Log Size Limit Is Correct

The size of an audit log file must be limited. The log rotation mechanism can be used to create new log files once the file size limit is reached. If the upper limit is too high, the size of a single log file may be too large, which is inconvenient for management. If the upper limit is too low, t...

6.9 AI score
Exploits: 0, References: 2

OpenVAS
added 2025/05/07 12:00 a.m., 2 views

Ensure That Rotation Is Enabled for Audit Logs

max_log_file_action decides the action taken when the size of a log file reaches the upper limit. By default, ROTATE is configured in openEuler, indicating that a new log file is created when the size of a log file reaches the upper limit and the original log file is not deleted. num_logs specifies t...

6.8 AI score
Exploits: 0, References: 2

RedHat Linux
added 2025/03/17 1:38 a.m., 16 views

Moderate: Red Hat Security Advisory: ACS 4.7 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base...

6.5 CVSS, 6.7 AI score, 0.00179 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2025/02/05 4:46 a.m., 4 views

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.6 CVSS, 6.8 AI score, 0.44701 EPSS
Exploits: 0, References: 1