2839 matches found
CVE-2022-48221
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...
Race condition
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...
PT-2023-15618 · Acuant · Acuant Acufill Sdk
Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: The issue allows a standard user to elevate privileges to full SYSTEM code execution. This is achieved through a race condition and OpLock manipulation, enabling a standard user to...
Acuant AcuFill SDK 竞争条件问题漏洞
Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from a document. A security vulnerability exists in Acuant AcuFill SDK that originates from multiple MSIs executing from a standard user writable directory. These files can be...
GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...
CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...
CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...
Cloudflare cloudflared 后置链接漏洞
Cloudflare cloudflared is a cloud server security management platform from American company Cloudflare. The platform provides firewall analysis, cache control, role-based access, and more. A security vulnerability exists in Cloudflare cloudflared Windows 32-bit version 2023.3.0 and earlier, which...
PT-2023-16886 · Cloudflare · Cloudflared
Name of the Vulnerable Software and Affected Versions: cloudflared versions = 2023.3.0 Description: A vulnerability has been discovered in cloudflared's installer for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affect...
CVE-2021-33639
REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified...
PT-2023-19310 · Microsoft · Azure/Setup-Kubectl
Name of the Vulnerable Software and Affected Versions: Azure/setup-kubectl versions prior to 3 Description: The issue arises from an insecure temporary creation of a file, allowing other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable...
SUSE CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...
SUSE CVE-2005-1152
popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions...
SUSE CVE-2005-3321
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions...
SUSE CVE-2006-4124
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...
SUSE CVE-2007-3100
usr/log.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 uses a semaphore with insecure permissions world-writable/world-readable for managing log messages using shared memory, which allows local users to cause a denial of service hang by grabbing the semaphore...
SUSE CVE-2007-6200
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...
SUSE CVE-2007-6199
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...
SUSE CVE-2009-0115
The Device Mapper multipathing driver aka multipath-tools or device-mapper-multipath 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server SLES, Fedora, and possibly other operating systems, uses world-writable permissions for the socket file aka /var/run/multipathd.sock, which allows loc...