8 matches found
CVE-2025-23395
Screen 5.0.0, when it runs with setuid-root privileges, does not drop privileges while operating on a user-supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...
WordPress miniorange otp verification Plugin <= 4.2.1 is vulnerable to Broken Access Control
Software: miniorange otp verification; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47776; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: 60649c9bd1ee; Credits: Abdi Pranat...
SUSE CVE-2012-2111
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obta...
CVE-2018-13606
The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
samba: Incorrect permission checks when granting/removing privileges
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obta...
DEBIAN-CVE-2012-2111
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obta...
[Backports-security-announce] Security Update for git-core
Sebastian Harl uploaded new packages for git-core which fixed the following security problems: DSA 1777-1, Debian bug 516669 Peter Palfrader discovered that on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the loca...
GLSA-200504-12 : rsnapshot: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-200504-12 (rsnapshot: Local privilege escalation). The copysymlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact: Under certain circumstances,...