Lucene search
K

101 matches found

Tenable Nessus
Tenable Nessus
added 2012/08/28 12:0 a.m.25 views

CentOS 6 : python-paste-script (CESA-2012:1206)

An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.1CVSS5.5AI score0.0404EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/03/05 12:0 a.m.34 views

SuSE 11.1 Security Update : puppet (SAT Patch Number 5876)

This update of puppet fixes two vulnerabilities that could potentially be exploited by local attackers to escalate privileges due to improper privilege dropping and file handling issues symlink flaws in puppet. CVE-2012-1053 / CVE-2012-1054 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

6.9CVSS5.3AI score0.00384EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2011/07/06 12:0 a.m.39 views

RHEL 6 : krb5-appl (RHSA-2011:0920)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0920 advisory. The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as...

6.5CVSS5.9AI score0.03938EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2011/07/05 6:11 p.m.4 views

krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)

It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the krb5setegid function call. On systems where the set real, set effective, or set saved group ID system calls might...

6.5CVSS6.3AI score0.03938EPSS
Exploits0References4
Debian
Debian
added 2011/04/11 4:49 p.m.28 views

[BSA-032] Security update for tmux

Daniel Danner discovered that tmux, a terminal multiplexer, is not properly dropping group privileges. Due to a patch introduced by Debian, when invoked with the -S option, tmux is not dropping permissions obtained through its setgid installation CVE-2011-1496. For the lenny-backports distributio...

4.6CVSS5.8AI score0.00952EPSS
Exploits6
Oracle linux
Oracle linux
added 2011/02/10 12:0 a.m.38 views

pam security update

1.1.1-4.1 - fix insecure dropping of priviledges in pamxauth, pamenv, and pammail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pamnamespace - CVE-2010-3853 643043...

7.2CVSS2.5AI score0.00416EPSS
Exploits0
OSV
OSV
added 2011/01/24 6:0 p.m.6 views

CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

5.5AI score
Exploits0References16
OSV
OSV
added 2011/01/24 6:0 p.m.10 views

CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

5.5AI score
Exploits0References16
NVD
NVD
added 2011/01/24 6:0 p.m.23 views

CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

4.7CVSS5.5AI score0.0034EPSS
Exploits0References16
NVD
NVD
added 2011/01/24 6:0 p.m.28 views

CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

1.9CVSS5.5AI score0.00349EPSS
Exploits0References16
CVE
CVE
added 2011/01/24 5:0 p.m.110 views

CVE-2010-3430

CVE-2010-3430 documents a privilege drop flaw in Linux-PAM (pam_env and pam_mail) where setfsgid/setgroups aren’t called, enabling local users to glean sensitive info via a symlink attack on ~/.pam_environment. The issue stems from Linux-PAM before version 1.1.2 pam_env/pam_mail reading files wit...

4.7CVSS5.5AI score0.0034EPSS
Exploits0References16Affected Software1
CVE
CVE
added 2011/01/24 5:0 p.m.93 views

CVE-2010-3431

The CVE-2010-3431 entry concerns Linux-PAM (pam) privilege elevation via pam_env/pam_mail. Affected if using pam before 1.1.2 where setfsuid return values are not checked, enabling local users to obtain sensitive information through root-privilege filesystem activity (notably a symlink attack on ...

1.9CVSS5.5AI score0.00349EPSS
Exploits0References16Affected Software1
Debian CVE
Debian CVE
added 2011/01/24 5:0 p.m.31 views

CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

4.7CVSS5.5AI score0.0034EPSS
Exploits0
Cvelist
Cvelist
added 2011/01/24 5:0 p.m.32 views

CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

5.4AI score0.0034EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2011/01/24 5:0 p.m.28 views

CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

1.9CVSS5.5AI score0.00349EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2011/01/24 12:0 a.m.33 views

CVE-2010-3430

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a...

4.7CVSS6.6AI score0.0034EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2011/01/24 12:0 a.m.24 views

CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

1.9CVSS6.6AI score0.00349EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2010/11/01 12:0 a.m.40 views

pam security update

0.99.6.2-6.2 - fix insecure dropping of priviledges in pamxauth and pammail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pamnamespace - CVE-2010-3853 643043...

6.9CVSS2.5AI score0.00416EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2008/01/29 12:0 a.m.12 views

CVE-2008-0008

The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...

7.2CVSS5.9AI score0.00556EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.17 views

Debian Security Advisory DSA 108-1 (wmtv)

The remote host is missing an update to wmtv announced via advisory DSA 108-1. OpenVAS Vulnerability Test $Id: deb1081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 108-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.2CVSS0.7AI score0.00494EPSS
Exploits0
Rows per page
Query Builder