Lucene search
+L

147 matches found

Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.26 views

PT-2026-26067

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

8.2CVSS5.9AI score0.00127EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.5 views

CVE-2026-29126

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS6AI score0.00142EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.7 views

EUVD-2026-9789

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

8.6CVSS6AI score0.00277EPSS
Exploits1References2
NVD
NVD
added 2026/03/05 6:16 a.m.5 views

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

10CVSS0.00277EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/05 1:51 a.m.16 views

CVE-2026-29126 World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS6.1AI score0.00142EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/05 1:51 a.m.30 views

CVE-2026-29126 World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS0.00142EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.12 views

PT-2026-23100

Name of the Vulnerable Software and Affected Versions International Data Casting IDC SFX2100 affected versions not specified Description A SUID root-owned binary located in /home/xd/terminal/XDTerminal allows a local actor to potentially perform local privilege escalation depending on system...

8.6CVSS5.9AI score0.00127EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23134

Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver affected versions not specified Description The IDC SFX2100 Satellite Receiver firmware includes daemon configuration files zebra, bgpd, ospfd, and ripd owned by root but accessible to all users. These files...

8.6CVSS5.8AI score0.00277EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : nano-2.9.8-3.el8_10 (AXSA:2024-8840:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8840:01 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...

6.7CVSS5.6AI score0.00346EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/10/27 12:0 a.m.3 views

CVE-2025-12200

Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...

4.8CVSS6.5AI score0.00012EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/27 12:0 a.m.3 views

CVE-2025-12199

Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...

4.8CVSS4.1AI score0.00012EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/27 12:0 a.m.7 views

CVE-2025-12198

Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...

8.5CVSS7.4AI score0.00012EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27711

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00201EPSS
Exploits0References2
Mageia
Mageia
added 2025/09/01 6:20 p.m.7 views

Updated ceph packages fix vulnerability

Security regression CVE-2025-52555 that would have allowed an user to read, write and execute to any directory owned by root as long as they chmod 777 it...

6.5CVSS7.3AI score0.0017EPSS
Exploits0References3
OSV
OSV
added 2025/07/18 2:48 p.m.3 views

OESA-2025-1838 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through...

6.5CVSS7.5AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 2025/06/26 9:15 p.m.6 views

CVE-2025-52555

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

6.5CVSS0.0017EPSS
Exploits0References3
OSV
OSV
added 2025/05/26 4:15 p.m.5 views

ALPINE-CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.3CVSS7.1AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.6 views

CVE-2020-28014

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten...

6.1CVSS6.3AI score0.0094EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/19 12:0 a.m.10 views

RockyLinux 9 : nano (RLSA-2024:9430)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9430 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...

6.7CVSS7.2AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2024/11/12 1:15 p.m.5 views

CVE-2024-29119

A vulnerability has been identified in Spectrum Power 7 All versions V24Q3. The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges...

8.5CVSS5.7AI score0.00141EPSS
Exploits0References1
Rows per page
Query Builder