Lucene search
K

289 matches found

Prion
Prion
added 2020/10/10 9:15 p.m.14 views

Directory traversal

monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH with a preference ahead of /usr/lib, which allows local users to gain privileges via a Trojan horse library in the current working directory...

4.6CVSS7.5AI score0.00354EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/10 8:5 p.m.20 views

CVE-2020-26947

monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH with a preference ahead of /usr/lib, which allows local users to gain privileges via a Trojan horse library in the current working directory...

7.6AI score0.00354EPSS
Exploits0References2
OSV
OSV
added 2020/08/27 2:21 p.m.3 views

OPENSUSE-SU-2020:1270-1 Security update for gettext-runtime

This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch bsc941629 - Added msgfmt-double-free.patch to fix a double free error CVE-2018-18751 bsc1113719 - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of...

9.8CVSS9.5AI score0.04293EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2020/08/25 12:0 a.m.32 views

SUSE SLED15 / SLES15 Security Update : gettext-runtime (SUSE-SU-2020:2296-1)

This update for gettext-runtime fixes the following issues : Fix boo941629-unnessary-rpath-on-standard-path.patch bsc941629 Added msgfmt-double-free.patch to fix a double free error CVE-2018-18751 bsc1113719 Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of messa...

9.8CVSS6.7AI score0.04293EPSS
Exploits1References6
0day.today
0day.today
added 2020/05/05 12:0 a.m.52 views

HP Performance Monitoring xglance Privilege Escalation Exploit

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance or Performance Monitoring version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating librarie...

4.4CVSS6.6AI score0.0708EPSS
Exploits9
Packet Storm
Packet Storm
added 2020/05/04 12:0 a.m.161 views

HP Performance Monitoring xglance Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Performance Monitoring xglance Priv Esc', 'Description' = %q This exploit takes advantage of xglance-bin, part of HP's Glance or Performance...

4.4CVSS0.5AI score0.0708EPSS
Exploits9
Veracode
Veracode
added 2020/04/10 1:11 a.m.23 views

Arbitrary Code Execution

ibutils is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the ibmssh executable had an insecure relative RPATH runtime library search path set in the ELF Executable and Linking Format header. A local user able to convince another user to run ibmssh in an...

4.4CVSS3.5AI score0.00444EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.36 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.3AI score0.02698EPSS
Exploits0References2
Prion
Prion
added 2019/11/21 2:15 p.m.18 views

Code injection

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges...

7.2CVSS7.7AI score0.0046EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2019/11/21 1:51 p.m.13 views

CVE-2013-7172

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges...

7.8CVSS7.8AI score0.0046EPSS
Exploits0
NVD
NVD
added 2019/11/07 11:15 p.m.15 views

CVE-2008-3278

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f e.g. fcore, fcatch, fstack, fstep, ... shipped in the package. A local attacker can exploit this vulnerability by running arbitrary...

7.8CVSS7.7AI score0.0035EPSS
Exploits0References3
Prion
Prion
added 2019/11/07 11:15 p.m.20 views

Design/Logic Flaw

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f e.g. fcore, fcatch, fstack, fstep, ... shipped in the package. A local attacker can exploit this vulnerability by running arbitrary...

4.6CVSS7.3AI score0.0035EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/07 10:43 p.m.20 views

CVE-2008-3278

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f e.g. fcore, fcatch, fstack, fstep, ... shipped in the package. A local attacker can exploit this vulnerability by running arbitrary...

7.7AI score0.0035EPSS
Exploits0References3
CVE
CVE
added 2019/11/07 10:43 p.m.43 views

CVE-2008-3278

The CVE-2008-3278 entry is confirmed by connected sources: frysk packages shipped in Red Hat Enterprise Linux 5 (through 2008-08-05) are built with an insecure RPATH in the ELF header of multiple /usr/bin/f* binaries (e.g., fcore, fcatch, fstack, fstep). A local attacker can exploit this to run a...

7.8CVSS7.6AI score0.0035EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/08/05 1:40 p.m.19 views

CVE-2019-4473

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984...

8.4CVSS7.7AI score0.0045EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/07/17 8:17 p.m.18 views

CVE-2019-11771

AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users...

7.9AI score0.00394EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/06/27 12:0 a.m.252 views

EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid o...

9.3CVSS8.2AI score0.03954EPSS
Exploits6References6
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/29 3:10 p.m.18 views

Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 respectively. These issues were disclosed as part of the IBM Java SDK updates in January 201...

9.8CVSS1.2AI score0.04898EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/10 12:0 a.m.40 views

EulerOS Virtualization 2.5.4 : glibc (EulerOS-SA-2019-1371)

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a...

9.3CVSS7.7AI score0.02698EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/16 5:10 a.m.29 views

Security Bulletin: A security vulnerability has been identified in IBM Java Runtime could affect DB2 Query Management Facility (CVE-2018-12547, CVE-2019-2426, CVE-2018-1890, CVE-2018-12549, CVE-2018-11212)

Summary An unspecified vulnerability has been identified in IBM Java Runtime that could affect Db2 Query Management Facility. Vulnerability Details CVEID: CVE-2018-12547 CVSS Base Score: 9.8 DESCRIPTION: A widely used function in the OpenJ9 JVM is vulnerable to buffer overlows. Multiple Java...

9.8CVSS1AI score0.04898EPSS
Exploits2Affected Software2
Rows per page
Query Builder