19 matches found
EUVD-2014-8377
Malware in sbrugna...
EUVD-2008-6715
Malware in sbrugna...
EUVD-2000-0365
Malware in sbrugna...
CVE-2024-52561
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...
CVE-2022-42322
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2024-52522
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target...
RHEL 7 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...
PT-2022-6949 · Openldap2 · Openldap2
Name of the Vulnerable Software and Affected Versions: openldap2 versions prior to 2.6.3-404.1 Description: The issue is related to an Untrusted Search Path vulnerability in openldap2, which allows local attackers with control of the ldap user or group to change ownership of arbitrary directory...
Unspecified vulnerability in cPanel (CNVD-2021-37215)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 82.0.18. The vulnerability can be exploited by an attacker to...
MGASA-2019-0022 Updated coreutils packages fix security vulnerabilities
A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...
Design/Logic Flaw
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks...
ALPINE-CVE-2017-18018
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...
CVE-2017-18018
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...
CVE-2017-18018
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...
KDE 1.1.2 KApplication configfile vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary fil...
KDE 1.1.2 KApplication configfile vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary fil...
CDRTools 2.0 RSCSI Debug File Arbitrary Local File Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8328/info It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. It has been reported that a local attacker may invoke the rscsi...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)
KDE 1.1.2 KApplication configfile - Local Privilege Escalation 1 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...
CVE-2000-0366
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files...