Lucene search
+L

331 matches found

bdu_fstec
bdu_fstec
added 2022/04/20 12:0 a.m.13 views

The vulnerability of the Display Key Combination Fast Access swhkd in the Wayland display server protocol allows a hacker to access protected information or cause a service failure.

The vulnerability of the Display Key Combination daemon swhkd in the Wayland display server protocol implementation relates to the ability to save the PID of a process in the file /tmp/swhkd.pid and incorporate the PID of an existing process into it. Exploiting this vulnerability can allow a remo...

9.1CVSS7.2AI score0.00506EPSS
Exploits1References6Affected Software1
cnnvd
cnnvd
added 2022/03/30 12:0 a.m.5 views

SWHKD 后置链接漏洞

SWHKD is a display protocol independent hotkey daemon made in Rust. A denial of service vulnerability exists in SWHKD version 1.1.5, which stems from the insecure use of the /tmp/swhks.pid pathname and can be exploited by an attacker to potentially cause a denial of service...

7.1CVSS5.7AI score0.00493EPSS
Exploits1References4
nessus
nessus
added 2022/03/17 12:0 a.m.20 views

openSUSE 15 Security Update : chrony (openSUSE-SU-2022:0845-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0845-1 advisory. - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd...

6CVSS6.6AI score0.00485EPSS
Exploits0References16
cnnvd
cnnvd
added 2022/01/13 12:0 a.m.7 views

Zabbix Sia Zabbix 安全漏洞

Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from the DACOVERRIDE SELinux function...

7.5CVSS6.5AI score0.00796EPSS
Exploits0References6
nessus
nessus
added 2021/12/25 12:0 a.m.32 views

SUSE SLES12 Security Update : chrony (SUSE-SU-2021:4147-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4147-1 advisory. Chrony was updated to 4.1: Add support for NTS servers specified by IP address matching Subject Alternative Name in server certificate Add...

6CVSS6.6AI score0.00485EPSS
Exploits0References26
rosalinux
rosalinux
added 2021/07/02 5:36 p.m.35 views

Advisory ROSA-SA-2021-1935

Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...

7.5CVSS8.1AI score0.84224EPSS
Exploits1
nessus
nessus
added 2021/07/02 12:0 a.m.31 views

EulerOS Virtualization for ARM 64 3.0.2.0 : chrony (EulerOS-SA-2021-2110)

According to the version of the chrony package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd...

6CVSS6.5AI score0.00485EPSS
Exploits0References2
prion
prion
added 2021/06/02 12:15 p.m.18 views

Input validation

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery EAP-CD introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script ...

4.9CVSS6.2AI score0.00192EPSS
Exploits0References1
cvelist
cvelist
added 2021/06/02 11:27 a.m.36 views

CVE-2020-14317

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery EAP-CD introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script ...

4.8AI score0.00192EPSS
Exploits0References1
oraclelinux
oraclelinux
added 2021/05/25 12:0 a.m.58 views

unbound security, bug fix, and enhancement update

1.7.3-15 - Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key - Resolves: rhbz1714175 - Use system-wide crypto policy setting PROFILE=SYSTEM instead of custom setting - Resolves: rhbz1842837 - Enable additional logging in unbound - Resolves: rhbz1850460 - security hardenin...

9.8CVSS0.02179EPSS
Exploits0
osv
osv
added 2021/05/20 8:51 a.m.16 views

OPENSUSE-SU-2021:0754-1 Security update for exim

This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...

9.8CVSS8AI score0.82238EPSS
Exploits34References32
opensuse
opensuse
added 2021/05/20 12:0 a.m.84 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0753-1 Rating: critical References: 1079832 1136587 1142207 1154183 1160726 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-10149...

10CVSS7.4AI score0.99961EPSS
Exploits59References9
opensuse
opensuse
added 2021/05/20 12:0 a.m.71 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...

9.8CVSS7.4AI score0.82238EPSS
Exploits34References5
osv
osv
added 2021/05/04 1:30 p.m.5 views

UBUNTU-CVE-2021-27216

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a deletepidfile race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...

6.3CVSS7.2AI score0.00976EPSS
Exploits4References4
bdu_fstec
bdu_fstec
added 2021/04/06 12:0 a.m.6 views

The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol (NTP) allows a attacker to cause a service failure.

The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol NTP is related to an incorrect definition of the link before accessing the file in the /var/run/chrony directory. Exploiting this vulnerability could allow a attacker to cause a service failure by using a...

6.2CVSS6.6AI score0.00485EPSS
Exploits0References11Affected Software3
osv
osv
added 2021/03/27 2:27 p.m.6 views

MGASA-2021-0154 Updated unbound packages fix a security vulnerability

Unbound contains a local vulnerability that would allow for a local symlink attack. When writing the PID file Unbound creates the file if it is not there, or opens an existing file for writing. In case the file was already present, it would follow symlinks if the file happened to be a symlink...

5.5CVSS7.1AI score0.00484EPSS
Exploits0References3
osv
osv
added 2021/03/15 9:40 p.m.6 views

USN-4808-1 tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

5.5CVSS6AI score0.00292EPSS
Exploits0References2
nessus
nessus
added 2021/03/10 12:0 a.m.34 views

EulerOS Virtualization 3.0.6.6 : chrony (EulerOS-SA-2021-1462)

According to the version of the chrony packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created...

6CVSS6.5AI score0.00485EPSS
Exploits0References2
nessus
nessus
added 2021/03/10 12:0 a.m.35 views

EulerOS Virtualization 3.0.2.6 : chrony (EulerOS-SA-2021-1429)

According to the version of the chrony package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created...

6CVSS6.6AI score0.00485EPSS
Exploits0References2
osv
osv
added 2021/03/05 11:2 a.m.1 views

OESA-2021-1083 unbound security update

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...

5.5CVSS6.5AI score0.00484EPSS
Exploits0References2
Rows per page
Query Builder