Lucene search
K

279 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.6 views

SUSE CVE-2018-18398

Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...

4.7CVSS4.8AI score0.00322EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS9.1AI score0.004EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.3 views

SUSE CVE-2021-31154

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...

7.8CVSS7.5AI score0.00468EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.5 views

SUSE CVE-2021-36983

replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...

7.8CVSS7.7AI score0.00482EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.4 views

SUSE CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...

7.3CVSS9.6AI score0.00441EPSS
Exploits0References22
Prion
Prion
added 2023/01/26 9:18 p.m.17 views

Command injection

An issue in ASKEY router RTF3505VW-N1 BRSVg000R3505VMN1001s327 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80...

4.3CVSS7.8AI score0.00345EPSS
Exploits2References1Affected Software1
0day.today
0day.today
added 2023/01/22 12:0 a.m.424 views

ASKEY RTF3505VW-N1 Privilege Escalation Vulnerability

Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.5 views

PT-2023-7452 · Zyxel · Zyxel Vpn +1

Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX series firmware versions 4.50 through 5.35 Zyxel VPN series firmware versions 4.30 through 5.35 Description: A path traversal vulnerability in the account print.cgi CGI program could allow a remote authenticated attacker with...

7.9CVSS7AI score0.01033EPSS
Exploits0References7
Snyk
Snyk
added 2022/11/27 2:28 p.m.3 views

Creation of Temporary File With Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions. A knowledgeable local user can locate temporary files created when a scheduled file is read. While they are in use, the user will be able to read the schedule being processed by MPXJ...

3.3CVSS6.6AI score0.00208EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/02 12:0 a.m.25 views

EulerOS 2.0 SP10 : git (EulerOS-SA-2022-2680)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerab...

7.8CVSS7.4AI score0.00782EPSS
Exploits0References2
OSV
OSV
added 2022/07/12 9:15 p.m.3 views

DEBIAN-CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...

7.8CVSS7.6AI score0.00441EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/06/30 12:0 a.m.8 views

The vulnerability in the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements. This allows attackers to execute arbitrary code on the host by writing the web interface to the /lam/tmp/ directory.

The vulnerability of the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host by writing it into the web interface’s directory at /lam/tmp/...

8.8CVSS7.7AI score0.00435EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/06/27 9:15 p.m.24 views

CVE-2022-31087

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

7.8CVSS0.00435EPSS
Exploits0References3
OSV
OSV
added 2022/06/27 8:50 p.m.19 views

CVE-2022-31087 Incorrect Default Permissions in ldap-account-manager

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

7.8CVSS7.9AI score0.00435EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/16 12:0 a.m.5 views

PT-2022-3281 · Unknown · Ldap Account Manager

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue allows an attacker to gain code execution on the host by writing a web-shell into the tmp directory, accessible via /lam/tmp/. This directory allows interpretation of .php file...

9CVSS6.7AI score0.02346EPSS
Exploits2References29
Github Security Blog
Github Security Blog
added 2022/05/05 2:48 a.m.37 views

Incorrect Default Permissions in Apache Commons FileUpload

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

3.3CVSS5.4AI score0.0068EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/05/05 12:29 a.m.12 views

GHSA-42GQ-H7XJ-33R4 Features file injection vulnerability

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

5.4CVSS5.5AI score0.0081EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/05 12:29 a.m.44 views

Features file injection vulnerability

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

5.4CVSS3.9AI score0.0081EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/01 2:0 a.m.27 views

GHSA-VXF2-7RC3-PXMX Cheetah Path Search Order Hijacking

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

7.2CVSS7AI score0.00433EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/01 2:0 a.m.20 views

Cheetah Path Search Order Hijacking

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

7.2CVSS7.5AI score0.00433EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder