Lucene search
+L

36 matches found

OpenVAS
OpenVAS
added 2021/09/29 12:0 a.m.17 views

Zoom Client < 5.3.2 Privilege Escalation Vulnerability (ZSB-21004) - Windows

Zoom Client is prone to a privilege escalation vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.8CVSS7.9AI score0.00443EPSS
Exploits0References1
NVD
NVD
added 2021/09/27 2:15 p.m.42 views

CVE-2021-34408

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable...

7.8CVSS0.00443EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2021/09/15 12:0 a.m.48 views

seatd-launch -- privilege escalation with SUID

Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...

8.8CVSS2.9AI score0.01063EPSS
Exploits0References1
NVD
NVD
added 2020/07/10 7:15 p.m.31 views

CVE-2020-11081

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

8.2CVSS0.00587EPSS
Exploits1References5
OSV
OSV
added 2020/07/10 7:15 p.m.13 views

CVE-2020-11081

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

8.2CVSS6.8AI score
Exploits0References5
Cvelist
Cvelist
added 2020/07/10 6:45 p.m.35 views

CVE-2020-11081 osquery susceptible to DLL search order hijacking of zlib1.dll

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

5.3CVSS8.1AI score0.00587EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2020/07/10 12:0 a.m.8 views

PT-2020-12538 · Facebook · Osquery

Name of the Vulnerable Software and Affected Versions: osquery versions prior to 4.4.0 Description: The issue allows for a privilege escalation. If a Windows system has a PATH containing a user-writable directory, a local user can create a zlib1.dll DLL that osquery will attempt to load, enabling...

8.2CVSS8.2AI score0.00587EPSS
Exploits1References9
Prion
Prion
added 2020/04/01 10:15 p.m.17 views

Design/Logic Flaw

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process with the user's privileges to obtain root access by replacing runwithroot...

7.2CVSS7.2AI score0.00418EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/11/24 5:29 a.m.21 views

CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

7CVSS7.2AI score0.00305EPSS
Exploits1References1
Prion
Prion
added 2017/11/24 5:29 a.m.22 views

Design/Logic Flaw

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

6.9CVSS7.1AI score0.00305EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/11/24 5:29 a.m.19 views

CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

7CVSS7.1AI score0.00305EPSS
Exploits1References2
OSV
OSV
added 2017/11/24 5:29 a.m.7 views

DEBIAN-CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

7CVSS7.1AI score0.00305EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2017/11/24 5:0 a.m.46 views

CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

7CVSS7.3AI score0.00305EPSS
Exploits1
Cvelist
Cvelist
added 2017/11/24 5:0 a.m.30 views

CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

7.3AI score0.00305EPSS
Exploits1References1
Gentoo Linux
Gentoo Linux
added 2017/11/10 12:0 a.m.35 views

MariaDB, MySQL: Root privilege escalation

Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description The Gentoo installation scripts before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging...

7.8CVSS7.9AI score0.00366EPSS
Exploits0
Cvelist
Cvelist
added 2017/10/27 9:0 p.m.88 views

CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql...

7.7AI score0.00366EPSS
Exploits0References2
Rows per page
Query Builder