Lucene search
K

101 matches found

Oracle linux
Oracle linux
added 2020/03/18 12:0 a.m.42 views

zsh security update

5.0.2-34.el77.2 - improve printing of error messages introduced by the fix of CVE-2019-20044 5.0.2-33.el77.1 - drop privileges securely when unsetting PRIVILEGED option CVE-2019-20044...

7.8CVSS2.7AI score0.00495EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/03/17 4:43 p.m.34 views

Important: Red Hat Security Advisory: zsh security update

An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.8CVSS7.2AI score0.00495EPSS
Exploits0References2
NVD
NVD
added 2019/11/19 11:15 p.m.18 views

CVE-2011-3350

masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...

9.8CVSS9.6AI score0.01686EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/11/19 11:15 p.m.31 views

CVE-2011-3350

masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...

9.8CVSS7.2AI score0.01686EPSS
Exploits0References1
Prion
Prion
added 2019/11/19 11:15 p.m.14 views

Input validation

masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...

7.5CVSS7.1AI score0.01686EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/11/19 10:16 p.m.62 views

CVE-2011-3350

masqmail versions 0.2.21–0.2.30 improperly call seteuid() in src/log.c and src/masqmail.c, resulting in improper privilege dropping. Affected by this is the ability to retain elevated privileges when dropping privileges, with no remediation details provided in the supplied documents. This vulnera...

9.8CVSS9.4AI score0.01686EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/19 10:16 p.m.22 views

CVE-2011-3350

masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...

9.6AI score0.01686EPSS
Exploits0References3
OSV
OSV
added 2019/10/29 7:15 p.m.3 views

DEBIAN-CVE-2012-1187

Bitlbee does not drop extra group privileges correctly in unix.c...

9.8CVSS8.6AI score0.01646EPSS
Exploits0References1
OSV
OSV
added 2017/09/05 6:29 p.m.3 views

ALPINE-CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...

4.7CVSS6.7AI score0.00349EPSS
Exploits0References1
Prion
Prion
added 2017/03/22 8:59 p.m.22 views

Code injection

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971...

10CVSS8.6AI score0.16179EPSS
Exploits12References4Affected Software3
Cvelist
Cvelist
added 2017/03/22 8:0 p.m.26 views

CVE-2017-6972

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971...

8.7AI score0.14603EPSS
Exploits3References4
CVE
CVE
added 2017/03/22 8:0 p.m.92 views

CVE-2017-6972

CVE-2017-6972 affects AlienVault USM/OSSIM before 5.3.7 and NfSen before 1.3.8, exposing a privilege-dropping bug that causes NfSen Perl components to run as root. Public exploit references (exploit-db entries 42314, 42305/42306) describe remote command execution and potential root access when ex...

10CVSS8.6AI score0.14603EPSS
Exploits3References4Affected Software2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.34 views

Oracle: Security Advisory (ELSA-2010-0819)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS5.1AI score0.00416EPSS
Exploits0References2
Prion
Prion
added 2015/08/17 12:0 a.m.19 views

Race condition

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error...

9.3CVSS7.3AI score0.07421EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2015/07/02 12:0 a.m.5 views

Apple MAC OS X Install.framework runner privilege dropping vulnerability

Apple Mac OS X is a commercial operating system. The Apple Mac OS X Install.framework 'runner' setuid program fails to properly discard privileges, allowing attackers to exploit the vulnerability to run malicious applications and execute arbitrary code...

9.3CVSS7.2AI score0.09301EPSS
Exploits1References1
CVE
CVE
added 2014/12/16 6:0 p.m.69 views

CVE-2014-8583

CVE-2014-8583 : mod_wsgi (Apache) before 4.2.4 fails to handle when it cannot drop group privileges during daemon process group creation, potentially allowing local privilege escalation via unspecified vectors. Affected software: mod_wsgi before 4.2.4. Impact: attacker could gain privileges with ...

6.9CVSS6.6AI score0.00403EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/12/09 12:0 a.m.25 views

openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1)

apache2-modwsgi was updated to fix one security issue. This security issue was fixed : - Failure to handle errors when attempting to drop group privileges CVE-2014-8583. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.9CVSS5.3AI score0.00403EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.32 views

openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)

Fixed bnc747657: CVE-2012-1053, CVE-2012-1054: improper privilege dropping and file handling flaws This was done by updating to the new version in stable branch. The stable branch receives only security fixes and this update does not provide any new features. - Fixed bnc755869 CVE-2012-1988:...

6.9CVSS5.5AI score0.02632EPSS
Exploits0References12
OSV
OSV
added 2014/04/16 6:37 p.m.3 views

DEBIAN-CVE-2011-4406

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors...

3.6CVSS6.7AI score0.00378EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.30 views

Oracle Linux 3 / 4 : util-linux (ELSA-2007-0969)

From Red Hat Security Advisory 2007:0969 : Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large...

7.2CVSS5.3AI score0.0044EPSS
Exploits0References3
Rows per page
Query Builder