15 matches found
EUVD-2024-3096
Malicious code in bioql PyPI...
CVE-2024-48911
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
Privilege Escalation
OpenCanary is vulnerable to Privilege Escalation. The vulnerability is due to the config file being stored in an unprivileged user directory, allowing an unprivileged user to modify it and escalate permissions when the root user later runs the daemon...
Incorrect Authorization
Overview: opencanary is an OpenCanary daemon. Affected versions of this package are vulnerable to Incorrect Authorization through the configuration file. An attacker can escalate privileges by modifying the configuration file, which is executed by the daemon running as root. Remediation: Upgrade...
OpenCanary Executes Commands From Potentially Writable Config File
Impact: OpenCanary directly executed commands taken from its config file. Where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon...
GHSA-PF5V-PQFV-X8JJ OpenCanary Executes Commands From Potentially Writable Config File
Impact: OpenCanary directly executed commands taken from its config file. Where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon...
CVE-2024-48911
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
PYSEC-2024-248
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
PYSEC-2024-248
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
CVE-2024-48911
CVE-2024-48911 affects OpenCanary. Before 0.9.4, the config file could be edited by an unprivileged user in an unprivileged directory while the daemon runs as root, allowing that user to influence commands executed later by root and escalate privileges. The issue is fixed in OpenCanary 0.9.4 and ...
CVE-2024-48911 OpenCanary Executes Commands From Potentially Writable Config File
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
CVE-2024-48911 OpenCanary Executes Commands From Potentially Writable Config File
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
CVE-2024-48911 OpenCanary Executes Commands From Potentially Writable Config File
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...
OpenCanary Security Vulnerability
OpenCanary is an open source multi-protocol network honeypot from Thinkst Applied Research. A security vulnerability exists in OpenCanary prior to version 0.9.4 that stems from a configuration file being stored in the unprivileged user directory, but the daemon is executed by root, thus allowing ...
PT-2024-33263 · Unknown · Opencanary
Name of the Vulnerable Software and Affected Versions: OpenCanary versions prior to 0.9.4. Description: OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Where the config file is stored in an unprivileged user directory but the daemon is executed...