Lucene search
K

125 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.5 views

SUSE CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

9.1CVSS7.1AI score0.0169EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.4 views

SUSE CVE-2022-23132

During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level...

7.5CVSS6.4AI score0.00796EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Carlo Gavazzi UWP SQL注入漏洞

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. for applications such as building automation, energy efficiency performance management and parking lot guidance. Carlo Gavazzi UWP 3.0 suffers from a SQL injection vulnerability that can be exploited by a...

9.4CVSS8.6AI score0.00928EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.5 views

Carlo Gavazzi UWP 信任管理问题漏洞

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. for applications such as building automation, energy efficiency performance management and parking lot guidance. A trust management issue vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploited ...

9.8CVSS8.4AI score0.00872EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Carlo Gavazzi UWP 路径遍历漏洞

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A path traversal vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploit...

9.8CVSS8.6AI score0.01096EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Carlo Gavazzi UWP 跨站脚本漏洞

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A cross-site scripting vulnerability exists in Carlo Gavazzi UWP 3.0, which can be...

6.1CVSS6.1AI score0.00363EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.5 views

Carlo Gavazzi UWP SQL注入漏洞

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A SQL injection vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploite...

7.5CVSS7.7AI score0.00853EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/11 12:0 a.m.4 views

PT-2022-14566 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a missing permission check in the SELinux policy, which could allow local information disclosure about the websites being opened in the browser. This can be exploited without...

3.3CVSS3.7AI score0.00094EPSS
Exploits0References2
Prion
Prion
added 2022/05/31 8:15 p.m.16 views

Authentication flaw

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

4.6CVSS7.8AI score0.00311EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/31 7:30 p.m.6 views

CVE-2022-31011 TiDB authentication bypass vulnerability

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

7.8CVSS7.9AI score0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/05/31 7:30 p.m.35 views

CVE-2022-31011 TiDB authentication bypass vulnerability

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing HTAP workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

7.8CVSS8.1AI score0.00311EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/11/16 12:0 a.m.25 views

Fedora: Security Advisory for libsepol (FEDORA-2021-67efe88c29)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

3.3CVSS4.5AI score0.00592EPSS
Exploits4References2
Microsoft CVE
Microsoft CVE
added 2021/11/08 8:0 a.m.1 views

An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.

...

7.8CVSS8.8AI score0.00475EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2021/10/22 12:0 a.m.19 views

The vulnerability of the Synergia operating system, related to errors in access control policies of SELinux, allows a perpetrator to gain read access to system files.

The vulnerability of the Synergia operating system is related to errors in access control policies of SELinux. Exploiting this vulnerability can allow an attacker to gain read access to system files...

5.1CVSS5.5AI score
Exploits0
OSV
OSV
added 2021/10/06 3:15 p.m.5 views

CVE-2021-0691

In the SELinux policy configured in systemapp.te, there is a possible way for systemapp to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...

6.7CVSS6.2AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.7 views

The vulnerability of the cil_reset_classpermission() function in the SELinux access control system allows a perpetrator to trigger a service failure.

The vulnerability of the cilresetclasspermission function in the SELinux access control system is related to the use of memory after it is freed. Exploiting this vulnerability could allow a attacker to cause a service failure...

5.5CVSS6.4AI score0.00592EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.6 views

The vulnerability of the __cil_verify_classperms() function in the SELinux access control system allows a perpetrator to trigger a service failure.

The vulnerability of the cilverifyclassperms function in the SELinux access control system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to trigger a service failure...

5.5CVSS6.4AI score0.00481EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/07/01 3:15 a.m.4 views

UBUNTU-CVE-2021-36087

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmapmatchany called indirectly from cilcheckneverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...

3.3CVSS6.9AI score0.00453EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/07/01 12:0 a.m.5 views

SELinux 资源管理错误漏洞

SELinux is a Linux subsystem from the National Security Agency that uses a secure architecture that allows administrators to better control who has access to the system. A security vulnerability exists in SELinux version 3.2, which stems from a use-after-free in the SELinux CIL compiler in the...

3.3CVSS5.6AI score0.00592EPSS
Exploits1References30
CNNVD
CNNVD
added 2021/07/01 12:0 a.m.3 views

SELinux 缓冲区错误漏洞

SELinux is a Linux subsystem from the National Security Agency that uses a secure architecture that allows administrators to better control who has access to the system. A security vulnerability exists in SELinux version 3.2, which stems from a heap-based buffer overflow in the CIL compiler in...

3.3CVSS5.9AI score0.00453EPSS
Exploits1References32
Rows per page
Query Builder