
15 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2020-27216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's...

CVSS 7, AI score 7, EPSS 0.0009
Exploits: 1, References: 1

Positive Technologies
added 2025/02/13 12:0 a.m., 1 views

PT-2025-23640

Name of the Vulnerable Software and Affected Versions: Jupyter Core versions prior to 5.8.0. Description: The issue affects Jupyter Core on Windows, where the shared %PROGRAMDATA% directory is searched for configuration files, potentially allowing users to create files that impact other users. This ...

CVSS 7.3, AI score 5.3, EPSS 0.00062
Exploits: 0, References: 21

Microsoft CVE
added 2024/08/05 7:0 a.m., 2 views

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

...

CVSS 7.8, AI score 8.4, EPSS 0.00152
Exploits: 2

Ubuntu
added 2024/07/16 1:3 p.m., 368 views

USN-6899-1: GTK vulnerability

It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges...

CVSS 7, AI score 7, EPSS 0.00051
Exploits: 0

OSV
added 2022/08/29 3:15 p.m., 0 views

AZL-10763 CVE-2022-0358 affecting package qemu for versions less than 6.2.0-5

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

CVSS 7.8, AI score 7.1, EPSS 0.00036
Exploits: 1, References: 1

Cvelist
added 2022/08/29 12:0 a.m., 30 views

CVE-2022-0358

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

AI score 8, EPSS 0.00036
Exploits: 1, References: 4

RedHat Linux
added 2022/04/13 1:49 p.m., 1 views

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

CVSS 8.8, AI score 5.9, EPSS 0.00184
Exploits: 0, References: 4

RedHat Linux
added 2022/03/21 8:7 a.m., 0 views

QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

CVSS 7.8, AI score 6.6, EPSS 0.00152
Exploits: 2, References: 4

RedHat Linux
added 2022/03/21 7:54 a.m., 1 views

QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

CVSS 7.8, AI score 6.6, EPSS 0.00152
Exploits: 2, References: 4

Japan Vulnerability Notes
added 2019/02/28 6:52 a.m., 1 views

Windows 7 may insecurely load Dynamic Link Libraries

Overview: In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program (CWE-427). Microsoft states that the root cause of this vulnerability is "Application Directory (App Dir) DLL planting", thus there is no pl...

CVSS 7.8, AI score 7, EPSS 0.02214
Exploits: 0, References: 6

Tenable Nessus
added 2015/05/22 12:0 a.m., 21 views

Ubuntu 14.04 LTS : python-dbusmock vulnerability (USN-2618-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2618-1 advisory. It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute...

CVSS 9.3, AI score 7.5, EPSS 0.00113
Exploits: 0, References: 2

OSV
added 2015/05/21 5:38 p.m., 0 views

USN-2618-1 python-dbusmock vulnerability

It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code...

CVSS 9.3, AI score 7.1, EPSS 0.00113
Exploits: 0, References: 2

Ubuntu
added 2015/05/21 5:38 p.m., 35 views

USN-2618-1: python-dbusmock vulnerability

It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code...

CVSS 9.3, AI score 7.5, EPSS 0.00113
Exploits: 0

securityvulns
added 2014/04/07 12:0 a.m., 36 views

0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day]

0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day] Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 -...

AI score 0.3
Exploits: 0

Tenable Nessus
added 2006/08/21 12:0 a.m., 16 views

FreeBSD : globus -- Multiple tmpfile races (5039ae61-2c9f-11db-8401-000ae42e9b93)

The Globus Alliance reports : The proxy generation tool grid-proxy-init creates the file, secures the file to provide access only to owner and writes proxy to the file. A race condition exists between the opening of the proxy credentials file, and making sure it is safe file to write to. The chec...

CVSS 3.6, AI score 5.5, EPSS 0.0007
Exploits: 1, References: 5