Lucene search
K

10 matches found

Snyk
Snyk
added 2026/04/16 12:47 a.m.4 views

Symlink Attack

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Symlink Attack via the DataDump.add process. An attacker can gain ownership of arbitrary directories and their contents by creating a symlink within their own directory that points to...

7.7CVSS5.9AI score0.00414EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-24211

Malware in sbrugna...

9.8CVSS9AI score0.00373EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/02 6:17 p.m.3 views

CVE-2025-46810

A flaw was found in the traefik2 package of OpenSUSE and its derived distributions. This issue occurs due to an insecure chown call in the %post section of the traefik2 package, allowing the traefik user to obtain ownership of arbitrary files on the system when the traefik2 package is reinstalled...

8.5CVSS6.6AI score0.0015EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/06 9:56 a.m.25 views

CVE-2024-9902 Ansible-core: ansible-core user may read/write unauthorized content

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

6.3CVSS0.00256EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/01/15 12:0 a.m.6 views

CVE-2020-36770

pkgpostinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...

9.4AI score0.00373EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.4 views

SUSE CVE-2015-5228

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path...

7.8CVSS6.7AI score0.00386EPSS
Exploits0References3
OSV
OSV
added 2022/11/09 2:15 p.m.2 views

CVE-2022-31253

A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...

7.8CVSS5.9AI score0.0033EPSS
Exploits1References1
OSV
OSV
added 2021/07/09 2:29 p.m.6 views

SUSE-SU-2021:2280-1 Security update for permissions

This update for permissions fixes the following issues: - Fork package for 12-SP5 bsc1155939 - make btmp root:utmp bsc1050467, bsc1182899 - pcp: remove no longer needed / conflicting entries bsc1171883. Fixes a potential security issue. - do not follow symlinks that are the final path element...

7.8CVSS5.7AI score0.00423EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2021/01/12 9:15 a.m.386 views

CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

7.8CVSS7.2AI score0.01066EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2015/06/09 7:48 p.m.6 views

abrt: abrt-dbus does not guard against crafted problem directory path arguments

It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and...

7.2CVSS5.9AI score0.00398EPSS
Exploits0References4
Rows per page
Query Builder