Lucene search
K

2838 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11244

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

5CVSS4.7AI score0.00483EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.2 views

SUSE CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling...

5.3CVSS6.7AI score0.0026EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

7CVSS8.2AI score0.00228EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.4 views

SUSE CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

8.8CVSS8.6AI score0.0051EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.2 views

SUSE CVE-2019-17365

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...

7.8CVSS7.6AI score0.00433EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.1 views

SUSE CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

7.8CVSS7.6AI score0.00344EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15663

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...

8.8CVSS8.8AI score0.02716EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15708

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

7.8CVSS9AI score0.00383EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.5 views

SUSE CVE-2021-3501

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and...

7.8CVSS6.1AI score0.00374EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.3 views

SUSE CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate use...

6.6CVSS6.4AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.1 views

SUSE CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

5.5CVSS8.2AI score0.00634EPSS
Exploits3References39
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.10 views

SUSE CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

6.4CVSS8.6AI score0.81147EPSS
Exploits9References24
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.6 views

SUSE CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS6.3AI score0.0982EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-33026

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload, poison the...

9.8CVSS8.9AI score0.07288EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.2 views

SUSE CVE-2021-39802

In changepterange of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS6.8AI score0.00145EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.1 views

SUSE CVE-2021-44225

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...

8.4CVSS6.9AI score0.01159EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.3 views

SUSE CVE-2022-0959

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write...

7.4CVSS7AI score0.00931EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.2 views

SUSE CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation...

7CVSS8.4AI score0.00244EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-25326

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable...

5.5CVSS5.4AI score0.00129EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.2 views

SUSE CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

7.4CVSS6.4AI score0.00379EPSS
Exploits0References33
Rows per page
Query Builder