21 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory ever since 6715df8d5 but, before this patch, these accesses were permitted inconsistently. In particular,...
Ensure That Common Users Run Privileged Programs Using the sudo Command
The sudo command enables a specified common user to execute certain programs with the root permission. Most system management commands need to be executed by the root user. For the system administrator, properly authorizing other users can reduce the burden of the system administrator. However,...
Ensure That Common Users Run Privileged Programs Using the sudo Command
The sudo command enables a specified common user to execute certain programs with the root permission. Most system management commands need to be executed by the root user. For the system administrator, properly authorizing other users can reduce the burden of the system administrator. However,...
ALPINE-CVE-2023-6597
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...
UBUNTU-CVE-2023-6597
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...
CVE-2023-6597
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory ever since 6715df8d5 but, before this patch, these accesses were permitted inconsistently. In particular,...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2253)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Arbitrary Code Execution
spice-gtk is vulnerable to arbitrary code execution attacks. The vulnerability exists as libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment...
PT-2014-3521 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.14.1 Description: The Netlink implementation in the Linux kernel does not provide a mechanism for authorizing socket operations based on the opener of a socket. This allows local users to bypass intended access...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
CVE-2012-3524
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...
Code injection
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
Fedora 13 : glibc-2.12.1-4 (2010-16655)
Require suid bit on audit objects in privileged programs CVE-2010-3856 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
glibc security update
2.5-49.el55.7 - Require suid bit on audit objects in privileged programs 645677, CVE-2010-3856...
Design/Logic Flaw
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2...
Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)
Apple Mac OSX 10.4.7 - Mach Exception Handling Local 10.3.x / excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated,...
Mac OS X <= 10.4.7 Mach Exception Handling Local Exploit (10.3.x 0day)
Exploit for macOS platform in category local exploits ====================================================================== Mac OS X = 10.4.7 Mach Exception Handling Local Exploit 10.3.x 0day ====================================================================== / excploit.c - 28 Nov 2005 -...
SCO Unixware 7.07.0.17.17.1.1 - Privileged Program Debugging
SCO Unixware 7.07.0.17.17.1.1 - Privileged Program Debugging // source: https://www.securityfocus.com/bid/869/info Unixware's security model includes the concept of privileges. These can be assigned to processes and allow them to perform tasks that otherwise could only be performed by the root...