64 matches found
Command injection
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...
DEBIAN-CVE-2019-3689
In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If...
Splitting atoms in XNU
Posted by Ian Beer, Google Project Zero TL;DR A locking bug in the XNU virtual memory subsystem allowed violation of the preconditions required for the correctness of an optimized virtual memory operation. This was abused to create shared memory where it wasn't expected, allowing the creation of ...
Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...
Google Android - 'sensord' Local Privilege Escalation
/ Android sensord 0day root exploit by s0m3b0dy tested on LG L7 PL need pentests? s0m3b0dy1atgmail.com some Android devices have sensord daemon, for some ROMs the daemon is running as root process there we can use this exploit and --------- root@android:/ strace sensord...
Apple iOS Process Modification Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS has a security vulnerability in the ROOT process using the processor_set_tasks API that allows a local process to modify other processes without authorization checks...
CVE-2013-7441
The modern style negotiation in Network Block Device nbd-server 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...
FreeBSD : libXfont -- X Font Service Protocol and Font metadata file handling issues (b060ee50-daba-11e3-99f2-bcaec565249c)
Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most of these...
libXfont -- X Font Service Protocol and Font metadata file handling issues
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most of these...
Apache 2.2 - Scoreboard Invalid Free On Shutdown
Source: http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ Introduction Apache 2.2 webservers may use a shared memory segment to share child process status information (scoreboard) between the child processes and the parent process running as root. A child running with lowe...
Varnish privilege escalation
There is a process executing commands with root privileges...
Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-578-1
Ubuntu Update for Linux kernel vulnerabilities USN-578-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5781.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-578-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Issue with core dump owner
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive informatio...
Security feature bypass
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions...
Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-508-1)
A buffer overflow was discovered in the Moxa serial driver. Local attackers could execute arbitrary code and gain root privileges. CVE-2005-0504 A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a...
USN-509-1: Linux kernel vulnerabilities
A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. CVE-2007-3104 A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional...
NetBSD Security Advisory 2006-002: settimeofday() time wrap
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2006-002 ================================= Topic: settimeofday time wrap Version: NetBSD-current: source prior to December 5, 2005 NetBSD 3.0: not affected NetBSD 2.1: affected NetBSD 2.0.3: affected NetBSD 1.6.2: affected...