Lucene search
K

567 matches found

OpenVAS
OpenVAS
added 2025/08/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2025-1942)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS7.5AI score0.00213EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/08/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2025-1968)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS7.5AI score0.00213EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/08/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2025-1985)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS7.5AI score0.00213EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-46804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not b...

3.3CVSS4.8AI score0.00213EPSS
Exploits0References3
CVE
CVE
added 2025/08/01 8:42 p.m.18 views

CVE-2012-10022

CVE-2012-10022 affects Kloxo 6.1.12 and earlier. It involves two setuid root binaries, lxsuexec and lxrestart; lxsuexec performs a uid check and allows execution of commands as root when the invoking user has uid 48, enabling local privilege escalation from a user with Apache-level access without...

8.5CVSS7.8AI score0.0035EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/01 8:42 p.m.14 views

CVE-2012-10022 Kloxo <= 6.1.12 Local Privilege Escalation

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...

8.5CVSS0.0035EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.9 views

PT-2025-31681 · Kloxo · Kloxo

Name of the Vulnerable Software and Affected Versions: Kloxo versions 6.1.12 and earlier Description: Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits...

8.5CVSS7.1AI score0.0035EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/06/23 3:35 a.m.4 views

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

7CVSS7.4AI score0.00433EPSS
Exploits18References5
RedHat Linux
RedHat Linux
added 2025/06/23 2:35 a.m.5 views

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

7CVSS7.4AI score0.00433EPSS
Exploits18References5
OSV
OSV
added 2025/05/30 1:49 p.m.2 views

OESA-2025-1579 screen security update

Screen is a full-screen window manager that multiplexes a physical terminal between several processes,typically interactive shells. Security Fixes: For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.CVE-2025-46802 A minor information lea...

6CVSS6.3AI score0.00213EPSS
Exploits0References4
OSV
OSV
added 2025/05/26 4:15 p.m.5 views

ALPINE-CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.3CVSS7.1AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2025/05/26 4:15 p.m.15 views

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8CVSS0.00201EPSS
Exploits0References2
OSV
OSV
added 2025/05/26 4:15 p.m.5 views

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8CVSS7.4AI score0.00201EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/05/26 3:18 p.m.13 views

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8CVSS6.6AI score0.00201EPSS
Exploits0
Cvelist
Cvelist
added 2025/05/26 3:18 p.m.17 views

CVE-2025-23395 Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2025/05/26 3:18 p.m.139 views

CVE-2025-23395

CVE-2025-23395 affects Screen 5.0.0 when run with setuid-root privileges. The root cause is that logfile_reopen() does not drop privileges while operating on a user-supplied path, allowing an unprivileged user to create files in arbitrary locations with root ownership, the invoking user’s real gr...

7.8CVSS6.1AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2025/05/26 2:15 p.m.3 views

ALPINE-CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

5.7CVSS6.9AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2025/05/26 2:15 p.m.1 views

DEBIAN-CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

5.7CVSS5.7AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2025/05/26 2:15 p.m.5 views

CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

5.7CVSS7AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2025/05/26 2:15 p.m.11 views

CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

3.3CVSS0.00213EPSS
Exploits0References2
Rows per page
Query Builder