3209 matches found
Code injection
An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...
Google Drive for desktop 安全漏洞
Google Drive for desktop is a desktop synchronization client from Google USA. It allows you to easily manage and share content across all your devices and in the cloud. A security vulnerability exists in Google Drive for desktop versions prior to 64.0, which stems from the fact that an attacker c...
PT-2022-22080 · Google · Google Drive For Desktop
Name of the Vulnerable Software and Affected Versions: Google Drive for Desktop versions prior to 64.0 Description: An attacker can pre-create the "/Applications/Google Drive.app/Contents/MacOS" directory, which is expected to be owned by root, to be owned by a non-root user. When the Drive for...
CVE-2022-3421 Privilege escalation in Google Drive for Desktop on MacOS
An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...
CVE-2022-3421
CVE-2022-3421 (Google Drive for Desktop on macOS) is a privilege-escalation vulnerability affecting versions prior to 64.0. An attacker can pre-create the directory /Applications/Google Drive.app/Contents/MacOS, which should be root-owned. On first install, the installer places a binary in that d...
EulerOS Virtualization 3.0.6.6 : iproute (EulerOS-SA-2022-2507)
According to the versions of the iproute package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - iproute2 before 5.1.0 has a use-after-free in getnetnsidfromname in ip/ipnetns.c. NOTE: security relevance may be limited to...
Debian DSA-5233-1 : e17 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5233 advisory. - enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames tha...
PT-2022-4899 · Unknown · Enlightenment
Name of the Vulnerable Software and Affected Versions: Enlightenment versions prior to 0.25.4 Description: The issue is related to the Enlightenment window manager's system file, specifically with the enlightenment sys component. It is setuid root and mishandles pathnames that begin with a /dev/...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
Ubuntu: Security Advisory (USN-72-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-94-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
CVE-2021-3020
Removed by vendor...
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
Buffer overflow
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2218)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...