CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

7.8CVSS6.8AI score0.00043EPSS

Exploits0References1

Veracode•added 2022/12/08 11:11 a.m.•16 views

Denial Of Service (DoS)

libp2p is vulnerable to denial of service. The vulnerability is due to improper validation in the number of requests, which results in the host OS killing the process...

7.5CVSS7.1AI score0.00353EPSS

Exploits0References3Affected Software1

Kitploit•added 2022/05/10 12:30 a.m.•22 views

AutoResponder - Carbon Black Response IR Tool

What is it? AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response's awesome capabilities and WITHOUT much bothering IT/System/Network Teams What can it do? Module | ✔️ / ❌ ---|--- Delete Files | ✔️ Delete Registry Values | ✔️...

7.5AI score

Exploits0References3

OSV•added 2019/03/12 5:40 p.m.•5 views

SUSE-SU-2019:13976-1 Security update for supportutils

This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script bsc1117751 - CVE-2018-19640: Users can kill arbitrary processes bsc1118463 - CVE-2018-19638: User can overwrite arbitrary...

7.8CVSS8AI score0.00185EPSS

Exploits0References9

OSV•added 2019/02/25 10:55 a.m.•5 views

SUSE-SU-2019:0480-1 Security update for supportutils

This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...

7.8CVSS6.8AI score0.00185EPSS

Exploits0References18

Prion•added 2019/01/14 10:29 p.m.•25 views

Code injection

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

1.9CVSS5.3AI score0.00158EPSS

Exploits0References5Affected Software3

CVE•added 2018/03/12 4:0 a.m.•44 views

CVE-2017-18226

CVE-2017-18226 affects Gentoo net-im/jabberd2 up to version 2.6.1, where the process creates/uses /var/run/jabber owned by the jabber user. This ownership could allow local attackers to modify a PID file and kill a root-owned process by exploiting a window between PID-file modification and the ro...

5.5CVSS5.7AI score0.00102EPSS

Exploits0References1Affected Software1

Prion•added 2017/09/13 5:29 p.m.•9 views

Code injection

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes...

4.9CVSS5.4AI score0.00106EPSS

Exploits0References1

RedhatCVE•added 2017/09/12 3:18 p.m.•16 views

CVE-2017-7560

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes...

5.5CVSS4.1AI score0.00106EPSS

Exploits0References1

OSV•added 2017/09/01 5:29 a.m.•2 views

CVE-2017-14102

MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as...

7.8CVSS6.6AI score

Exploits0References2

Debian CVE•added 2017/07/30 4:0 p.m.•15 views

CVE-2017-11747

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...

5.5CVSS5.4AI score0.00034EPSS

Exploits0

CVE•added 2012/10/01 6:0 p.m.•51 views

CVE-2012-4833

CVE-2012-4833 affects IBM AIX 6.1 and 7.1 (and related VIOS) where fuser/ -k is improperly restricted, allowing a local attacker to kill another user’s processes and cause a denial of service. The connected Nessus advisories (e.g., U854841/U854868/U854603 for bos.rte.filesystem and IV28756/IV2874...

2.1CVSS6AI score0.00054EPSS

Exploits0References9Affected Software2

Prion•added 2011/11/26 3:57 a.m.•13 views

Command injection

IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File UAF data, which allows local users to kill listener processes and the command server via a control command...

1.9CVSS6.7AI score0.00051EPSS

Exploits0References3Affected Software1

NVD•added 2011/05/20 10:55 p.m.•11 views

CVE-2011-2147

Openswan 2.2.x does not properly restrict permissions for 1 /var/run/starter.pid, related to starter.c in the IPsec starter, and 2 /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a...

3.6CVSS6.5AI score0.00043EPSS

Exploits0References4

CVE•added 2007/02/03 11:0 p.m.•47 views

CVE-2007-0474

Smb4K prior to 0.8.0 contains a design issue in the smb4k_kill utility that, if the user is in the sudoers list, allows local attackers to kill arbitrary processes. This is evidenced by multiple sources referencing CVE-2007-0474 and the related advisories, which describe the privilege-escalation ...

3.3CVSS6.2AI score0.00072EPSS

Exploits0References14Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by