
2834 matches found

curl security advisories
added 2021/07/21 8:0 a.m. · 9 views

CURLOPT_SSLCERT mix-up with Secure Transport

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPT_SSLCERT option (--cert with the command line tool). When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certifica...

7.5 CVSS · 6.2 AI score · 0.0982 EPSS
Exploits 1 · References 1 · Affected Software 2

Positive Technologies
added 2021/07/21 12:0 a.m. · 4 views

PT-2021-15278 · Mysql Server +2 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: libcurl versions prior to 7.77.0; MySQL Server versions 5.7.35 and earlier, 8.0.26 and earlier. Description: The issue arises when libcurl-using applications request a specific client certificate for a transfer using the CURLOPT_SSLCERT option...

10 CVSS · 7.3 AI score · 0.87816 EPSS
Exploits 22 · References 439

NVD
added 2021/06/11 3:15 p.m. · 10 views

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

5.5 CVSS · 0.00149 EPSS
Exploits 0 · References 1

OSV
added 2021/06/11 3:15 p.m. · 2 views

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

5.5 CVSS · 6.1 AI score · 0.00149 EPSS
Exploits 0 · References 1

OSV
added 2021/06/09 3:15 p.m. · 1 views

CVE-2020-27384

The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to the improper permissions, with the 'F' flag...

7.8 CVSS · 7.1 AI score · 0.0032 EPSS
Exploits 1 · References 1

Prion
added 2021/06/09 3:15 p.m. · 12 views

Privilege escalation

The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to the improper permissions, with the 'F' flag...

4.6 CVSS · 7.5 AI score · 0.0032 EPSS
Exploits 1 · References 1 · Affected Software 1

PyPA
added 2021/06/09 12:15 p.m. · 5 views

PYSEC-2021-126

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async...

6.5 AI score
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2021/06/09 12:0 a.m. · 7 views

PT-2021-20890 · Red Hat · Ansible Automation Platform +2

Name of the Vulnerable Software and Affected Versions: Ansible Tower version 3.7; Ansible Automation Platform version 1.2. Description: A flaw was found in Ansible related to the setting of the ANSIBLE_ASYNC_DIR variable to a subdirectory of a world-writable directory, leading to a race condition o...

2.5 CVSS · 7.3 AI score
Exploits 0 · References 6

OSV
added 2021/05/13 11:15 p.m. · 2 views

UBUNTU-CVE-2021-33026

DISPUTED: The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload,...

9.8 CVSS · 7.9 AI score · 0.07288 EPSS
Exploits 3 · References 3

Github Security Blog
added 2021/05/10 2:53 p.m. · 61 views

Insecure path handling in Bundler

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

7.8 CVSS · 7.5 AI score · 0.00529 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2021/05/10 2:53 p.m. · 27 views

GHSA-G98M-96G9-WFJQ Insecure path handling in Bundler

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

7 CVSS · 7.5 AI score · 0.00529 EPSS
Exploits 0 · References 7

CNNVD
added 2021/05/10 12:0 a.m. · 3 views

Red Hat Ansible race condition vulnerability

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and orchestrate computer systems. A race condition vulnerability exists in Red Hat Ansible. The vulnerability stems from an Ansible user setti...

7.3 AI score
Exploits 0 · References 4

OSV
added 2021/05/01 12:0 a.m. · 9 views

ASB-A-174259860

In kbase_mem_from_user_buffer of mali_kbase_mem_linux.c, there is a possible remapping of shared read-only memory as write-able due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

9 CVSS · 7.3 AI score · 0.12084 EPSS
Exploits 2 · References 1

0day.today
added 2021/04/30 12:0 a.m. · 33 views

Microsoft Windows UAC Privilege Escalation Vulnerability

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

7.4 AI score
Exploits 0

Packet Storm
added 2021/04/30 12:0 a.m. · 733 views

Microsoft Windows UAC Privilege Escalation

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

0.4 AI score
Exploits 0

NVD
added 2021/04/26 4:15 p.m. · 12 views

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5 CVSS · 0.00334 EPSS
Exploits 0 · References 2

OSV
added 2021/04/26 4:15 p.m. · 4 views

DEBIAN-CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5 CVSS · 5.5 AI score · 0.00334 EPSS
Exploits 0 · References 1

OSV
added 2021/04/26 4:15 p.m. · 8 views

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5 CVSS · 6.9 AI score
Exploits 0 · References 2

UbuntuCve
added 2021/04/26 4:15 p.m. · 23 views

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5 CVSS · 6 AI score · 0.00334 EPSS
Exploits 0 · References 4

OSV
added 2021/04/26 4:15 p.m. · 1 views

UBUNTU-CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5 CVSS · 5.9 AI score · 0.00334 EPSS
Exploits 0 · References 5