Lucene search
K

2838 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.4 views

SUSE CVE-2015-3248

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service disk consumption...

4.7CVSS6.5AI score0.00452EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.5 views

SUSE CVE-2015-6565

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service terminal disruption or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence...

7.2CVSS8.4AI score0.02605EPSS
Exploits4References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.5 views

SUSE CVE-2016-1233

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...

7.8CVSS7.1AI score0.00369EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.5 views

SUSE CVE-2016-1575

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...

7.8CVSS8.6AI score0.00923EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.6 views

SUSE CVE-2016-2854

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...

7.8CVSS6.8AI score0.0095EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.2 views

SUSE CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229...

7.8CVSS6.7AI score0.01213EPSS
Exploits4References24
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2017-1085

In FreeBSD before 11.2-RELEASE, an application which calls setrlimit to increase RLIMITSTACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context...

7.8CVSS7.7AI score0.0185EPSS
Exploits4References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.4 views

SUSE CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

10CVSS8.5AI score0.03246EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.4 views

SUSE CVE-2017-7494

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...

8.8CVSS10AI score0.99448EPSS
Exploits24References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.2 views

SUSE CVE-2017-7560

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes...

5.5CVSS6.7AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.1 views

SUSE CVE-2017-7761

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction a form of symbolic link, protected files in the target directory of the junction can be deleted by the Mozilla Maintenance...

5.5CVSS6AI score0.00311EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.4 views

SUSE CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS6.6AI score0.00355EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.4 views

SUSE CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

5CVSS8.9AI score0.00363EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.4 views

SUSE CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

7CVSS7AI score0.00305EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.3 views

SUSE CVE-2018-16588

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 SLE-12 and through 4.5-5.39 for SUSE Linux Enterprise 15 SLE-15. Non-existing intermediate directories are created with mode 0777 durin...

6.6CVSS7AI score0.00301EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.2 views

SUSE CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

8.1CVSS7AI score0.01829EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.2 views

SUSE CVE-2019-1552

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

3.3CVSS6.1AI score0.00678EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.4 views

SUSE CVE-2019-2182

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00217EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.3 views

SUSE CVE-2019-3870

A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner root only access. However in some...

6.1CVSS9.1AI score0.00552EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.3 views

SUSE CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 o...

5.3CVSS7.7AI score0.037EPSS
Exploits0References12
Rows per page
Query Builder