792 matches found
SUSE CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...
Important: oath-toolkit
Issue Overview: oath-toolkit: Local root exploit in a PAM module CVE-2024-47191 Affected Packages: oath-toolkit Issue Correction: Run dnf update oath-toolkit --releasever 2023.6.20241010 to update your system. New Packages: aarch64: libpskc-debuginfo-2.6.12-1.amzn2023.0.1.aarch64 ...
IntelliNet 2.0 Remote Root Exploit
Zero day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing execsuid. No authentication needed at all, neither any interaction from the victim...
IntelliNet 2.0 Remote Root
!/usr/local/bin/node const execSync = require'childprocess'; const readline = require'readline'; let TARGET = ''; let COMMAND = ''; let SESSION = ''; const ESCALATE = '/usr/aes/bin/execsuid'; console.log ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣧⣶⣶⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀...
CVE-2024-2746
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
AZL-40340 CVE-2024-1929 affecting package dnf5 for versions less than 5.1.11-3
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...
CVE-2024-2746 Incomplete fix for CVE-2024-1929
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
CVE-2024-1929 Local Root Exploit via Configuration Dictionary
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...
CVE-2024-1929 Local Root Exploit via Configuration Dictionary
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...
CVE-2024-1929
CVE-2024-1929 is a local root vulnerability in dnf5daemon-server prior to 5.1.17. The issue stems from a D-Bus config map (open_session) where an untrusted nested config map under the key
PT-2024-18431 · Unknown +1 · Dnf5Daemon-Server +1
Name of the Vulnerable Software and Affected Versions: dnf5daemon-server versions before 5.1.17 Description: The issue concerns a local root exploit via a configuration dictionary in the dnf5daemon-server. It affects confidentiality and integrity. The org.rpm.dnf.v0.SessionManager.open session...
KernelSU Security Vulnerability
kernelsu is a kernel-based solution for obtaining root privileges on Android devices. A security vulnerability exists in KernelSU 0.7.1 and earlier versions, which stems from the fact that the logic in the KernelSU kernel module for obtaining the path to an apk can be bypassed, resulting in any...
VulnCheck KEV: CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer...
HospitalRun 1.0.0-beta - Local Root Exploit
Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...
PT-2023-21162 · Xcat · Xcat
Name of the Vulnerable Software and Affected Versions: xCAT versions prior to 2.16.5 Description: xCAT is a toolkit for deployment and administration of computer clusters. If zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obta...
SUSE CVE-2020-12050
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit
Summary SpaceLogic C-Bus Home Automation System Lighting control and automation solutions for buildings of the future, part of SpaceLogic. SpaceLogic C-Bus is a powerful, fully integrated system that can control and automate lighting and many other electrical systems and products. The SpaceLogic...
CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...
CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...
CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...