Lucene search
K

2839 matches found

OSV
OSV
added 2023/04/04 3:15 p.m.4 views

CVE-2022-48221

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...

7.5CVSS6.1AI score0.00507EPSS
Exploits0References2
Prion
Prion
added 2023/04/04 3:15 p.m.18 views

Race condition

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...

4.6CVSS7.8AI score0.00507EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.4 views

PT-2023-15618 · Acuant · Acuant Acufill Sdk

Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: The issue allows a standard user to elevate privileges to full SYSTEM code execution. This is achieved through a race condition and OpLock manipulation, enabling a standard user to...

7.5CVSS7.7AI score0.00507EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.3 views

Acuant AcuFill SDK 竞争条件问题漏洞

Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from a document. A security vulnerability exists in Acuant AcuFill SDK that originates from multiple MSIs executing from a standard user writable directory. These files can be...

7.5CVSS7.3AI score0.00507EPSS
Exploits0References3
OSV
OSV
added 2023/03/30 8:17 p.m.41 views

GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

2.5CVSS6.5AI score0.00327EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/03/30 8:17 p.m.86 views

rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

6.3CVSS6.5AI score0.00327EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/03/29 6:22 p.m.34 views

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

5CVSS7.2AI score0.00327EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/29 6:22 p.m.3 views

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

5CVSS7AI score0.00327EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.21 views

Cloudflare cloudflared 后置链接漏洞

Cloudflare cloudflared is a cloud server security management platform from American company Cloudflare. The platform provides firewall analysis, cache control, role-based access, and more. A security vulnerability exists in Cloudflare cloudflared Windows 32-bit version 2023.3.0 and earlier, which...

7.8CVSS7.3AI score0.00259EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.11 views

PT-2023-16886 · Cloudflare · Cloudflared

Name of the Vulnerable Software and Affected Versions: cloudflared versions = 2023.3.0 Description: A vulnerability has been discovered in cloudflared's installer for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affect...

7.8CVSS7.3AI score0.00259EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2023/03/08 12:0 a.m.6 views

CVE-2021-33639

REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified...

7.5AI score0.00486EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/06 12:0 a.m.7 views

PT-2023-19310 · Microsoft · Azure/Setup-Kubectl

Name of the Vulnerable Software and Affected Versions: Azure/setup-kubectl versions prior to 3 Description: The issue arises from an insecure temporary creation of a file, allowing other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable...

7CVSS7AI score0.00362EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0150

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...

9CVSS7AI score0.44831EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.4 views

SUSE CVE-2005-1152

popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions...

2.1CVSS6.9AI score0.00367EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-3321

chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions...

4.6CVSS6.5AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.4 views

SUSE CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

4.6CVSS7AI score0.00449EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3100

usr/log.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 uses a semaphore with insecure permissions world-writable/world-readable for managing log messages using shared memory, which allows local users to cause a denial of service hang by grabbing the semaphore...

2.1CVSS6.4AI score0.00384EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

10CVSS7AI score0.05442EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-6199

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...

9.3CVSS7AI score0.04136EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0115

The Device Mapper multipathing driver aka multipath-tools or device-mapper-multipath 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server SLES, Fedora, and possibly other operating systems, uses world-writable permissions for the socket file aka /var/run/multipathd.sock, which allows loc...

7.8CVSS7AI score0.00494EPSS
Exploits1References5
Rows per page
Query Builder