CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

738 matches found

Packet Storm•added 2024/03/28 12:0 a.m.•494 views

util-linux wall Escape Sequence Injection

Wall-Escape CVE-2024-28085 Skyler Ferrante: Escape sequence injection in util-linux wall ================================================================= Summary ================================================================= The util-linux wall command does not filter escape sequences from...

7.4AI score0.10933EPSS

Exploits3

RedhatCVE•added 2024/03/27 7:52 p.m.•150 views

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

8.4CVSS6.8AI score0.10933EPSS

Exploits3References3

OSV•added 2024/03/27 7:15 p.m.•1 views

DEBIAN-CVE-2024-28085

3.3CVSS6.5AI score0.10933EPSS

Exploits3References1

OSV•added 2024/03/27 7:15 p.m.•3 views

AZL-37146 CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9

3.3CVSS7.1AI score0.10933EPSS

Exploits3References1

NVD•added 2024/03/27 7:15 p.m.•17 views

CVE-2024-28085

3.3CVSS7.3AI score0.10933EPSS

Exploits3References18

OSV•added 2024/03/27 7:15 p.m.•1 views

ALPINE-CVE-2024-28085

3.3CVSS6.9AI score0.10933EPSS

Exploits3References1

UbuntuCve•added 2024/03/27 12:0 a.m.•367 views

CVE-2024-28085

3.3CVSS6.9AI score0.10933EPSS

Exploits3References5

AlpineLinux•added 2024/03/27 12:0 a.m.•33 views

CVE-2024-28085

3.3CVSS6.5AI score0.10933EPSS

Exploits3References18

OSV•added 2024/03/27 12:0 a.m.•0 views

UBUNTU-CVE-2024-28085

3.3CVSS6.6AI score0.10933EPSS

Exploits3References6

OSV•added 2024/03/18 7:14 p.m.•2 views

CLSA-2024-1710789286 ncurses: Fix of 2 CVEs

CVE-2023-29491.patch: Mitigate vulnerability by building the packages with modified --disable-root-environ option which now limits usage of environment for setuid/setgid programs only - CVE-2021-39537.patch: Add a check for end-of-string in cvtchar to handle a malformed string in infotocap...

8.8CVSS6.9AI score0.0051EPSS

Exploits2References1

OSV•added 2024/03/06 10:55 a.m.•31 views

BIT-GOLANG-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

7.8CVSS8.6AI score0.00009EPSS

Exploits0References9

Tenable Nessus•added 2024/01/16 12:0 a.m.•27 views

EulerOS 2.0 SP11 : screen (EulerOS-SA-2023-2667)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users...

6.5CVSS6.4AI score0.00057EPSS

Exploits3References2

Tenable Nessus•added 2024/01/16 12:0 a.m.•34 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2842)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...

9.8CVSS7.5AI score0.00354EPSS

Exploits0References5

Tenable Nessus•added 2024/01/16 12:0 a.m.•28 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2786)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...

9.8CVSS7.5AI score0.00354EPSS

Exploits0References7

Tenable Nessus•added 2024/01/16 12:0 a.m.•31 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2859)

9.8CVSS7.5AI score0.00354EPSS

Exploits0References5

Tenable Nessus•added 2024/01/16 12:0 a.m.•19 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2810)

9.8CVSS7.5AI score0.00354EPSS

Exploits0References7

Redos•added 2023/11/09 12:0 a.m.•41 views

ROS-20231109-01

Go programming language vulnerability is related to insecure external control of critical state data state when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, escalate their privileges and gain access to read, modify, or...

9.8CVSS8.3AI score0.06308EPSS

Exploits0

Tenable Nessus•added 2023/10/08 12:0 a.m.•17 views

GLSA-202310-08 : man-db: privilege escalation

The remote host is affected by the vulnerability described in GLSA-202310-08 man-db: privilege escalation - man-db before 2.8.5 on Gentoo allows local users with access to the man user account to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. Also, the owne...

7.8CVSS7.4AI score0.00071EPSS

Exploits1References3

OpenVAS•added 2023/09/20 12:0 a.m.•34 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2859)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9AI score0.00354EPSS

Exploits0References2

OpenVAS•added 2023/09/05 12:0 a.m.•19 views

Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-2709)

6.5CVSS6.8AI score0.00057EPSS

Exploits3References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by