110 matches found

RedHat Linux
added 2020/06/23 7:44 p.m., 4 views

docker: Ambient capability usage in containers

The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root...

CVSS 7.5, AI score 7.1, EPSS 0.02731
Exploits: 0, References: 5
Virtuozzo
added 2020/06/22 12:0 a.m., 14 views

Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 3 (7.5.1-737)

The Hotfix 3 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. Vulnerability id: PSBM-130586 VM disk resize functionality could stop working for non-root users after upgrading to version 7.5.1...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2020/04/29 12:0 a.m., 33 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:1133-1)

This update for samba fixes the following issues : Security issue fixed : CVE-2020-10704: Fixed a stack overflow in the AD DC CLDAP server bsc1169851. Non-security issues fixed : Fixed spnego fallback from kerberos to ntlmssp in smbd server bsc1169473. Fixed warning messages for non root users...

CVSS 7.5, AI score 7.9, EPSS 0.03455
Exploits: 0, References: 6
Cvelist
added 2020/04/03 7:5 a.m., 27 views

CVE-2018-17954 crowbar provision leaks admin password to all nodes in cleartext

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE...

CVSS 9.3, AI score 9.2, EPSS 0.00318
Exploits: 0, References: 1
OpenVAS
added 2020/01/23 12:0 a.m., 13 views

Huawei EulerOS: Security Advisory for fuse (EulerOS-SA-2019-1382)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 7.9, EPSS 0.01414
Exploits: 3, References: 2
OpenVAS
added 2020/01/23 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for fuse (EulerOS-SA-2019-1186)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 7.9, EPSS 0.01414
Exploits: 3, References: 2
OSV
added 2019/10/16 7:15 p.m., 4 views

CVE-2019-17436

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system...

CVSS 7.1, AI score 7.1, EPSS 0.0031
Exploits: 0, References: 1
NVD
added 2019/10/16 7:15 p.m., 32 views

CVE-2019-17436

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system...

CVSS 7.1, AI score 6.9, EPSS 0.0031
Exploits: 0, References: 1
Prion
added 2019/10/16 7:15 p.m., 18 views

Privilege escalation

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system...

CVSS 6.6, AI score 6.8, EPSS 0.0031
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/10/16 6:6 p.m., 33 views

CVE-2019-17436

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system...

AI score 6.9, EPSS 0.0031
Exploits: 0, References: 1
Tenable Nessus
added 2019/08/12 12:0 a.m., 17 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : fuse Vulnerability (NS-SA-2019-0073)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fuse packages installed that are affected by a vulnerability: - A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE fi...

CVSS 7.8, AI score 6.7, EPSS 0.01414
Exploits: 3, References: 2
ATTACKERKB
added 2019/07/22 4:15 p.m., 2 views

CVE-2019-13100

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...

CVSS 6.5, AI score 5.5, EPSS 0.00754
Exploits: 1, References: 2
Tenable Nessus
added 2019/05/14 12:0 a.m., 105 views

EulerOS Virtualization for ARM 64 3.0.1.0 : fuse (EulerOS-SA-2019-1382)

According to the version of the fuse packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in fuse. When SELinux is active, fusermount(1) is vulnerable to a restriction bypass. This...

CVSS 7.8, AI score 6.6, EPSS 0.01414
Exploits: 3, References: 2
Tenable Nessus
added 2019/04/22 12:0 a.m., 19 views

Amazon Linux AMI : fuse (ALAS-2018-1123)

A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use...

CVSS 7.8, AI score 6.6, EPSS 0.01414
Exploits: 3, References: 2
Tenable Nessus
added 2019/03/27 12:0 a.m., 30 views

openSUSE Security Update : fuse (openSUSE-2019-823)

This update for fuse fixes the following issues : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse...

CVSS 7.8, AI score 6.7, EPSS 0.01414
Exploits: 3, References: 2
Veracode
added 2019/01/15 9:24 a.m., 19 views

Privilege Escalation

github.com/projectatomic/libpod is vulnerable to privilege escalation attack. The vulnerability exists because it does not limit the capabilities of containers executed by non-root users in the default setting, resulting in the container running with higher privileges than required...

CVSS 8.8, AI score 8.6, EPSS 0.00878
Exploits: 0, References: 4, Affected Software: 1
Talos
added 2019/01/02 12:0 a.m., 25 views

Clean My Mac X securelyRemoveItemAtPath privilege escalation vulnerability

Summary: An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions: Clean My Mac X 4.04. Product...

CVSS 7.1, AI score 5.9, EPSS 0.00309
Exploits: 0
Tenable Nessus
added 2018/12/28 12:0 a.m., 29 views

EulerOS Virtualization 2.5.2 : fuse (EulerOS-SA-2018-1409)

According to the version of the fuse packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allo...

CVSS 7.8, AI score 6.9, EPSS 0.01414
Exploits: 3, References: 2
Tenable Nessus
added 2018/12/10 12:0 a.m., 22 views

Amazon Linux 2 : fuse (ALAS-2018-1123)

A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use...

CVSS 7.8, AI score 6.6, EPSS 0.01414
Exploits: 3, References: 2
Tenable Nessus
added 2018/11/02 12:0 a.m., 26 views

F5 Networks BIG-IP : vCMP vulnerability (K03165684)

Malicious root users with access to a vCMP guest can disrupt service on adjacent vCMP guests running on the same host. Exploiting this vulnerability causes the vcmpd process on the adjacent vCMP guest to restart and produce a core file. This issue is only exploitable on a vCMP guest which is...

CVSS 5.4, AI score 5.7, EPSS 0.00427
Exploits: 0, References: 2