2832 matches found
CVE-2020-27568
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...
CVE-2020-27568
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...
ALPINE-CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...
CVE-2020-27568
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...
RLSA-2021:1242 Important: mariadb:10.3 and mariadb-devel:10.3 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.28, galera 25.3.32. Security Fixes: mariadb: writable system variables allows a database user with SUPER privilege ...
SUSE: Security Advisory (SUSE-SU-2016:2476-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege Escalation
bullseye is vulnerable to privilege escalation.The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. ...
Important: Red Hat Security Advisory: mariadb security update
An update for mariadb is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2021-28249
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...
CVE-2021-28246
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...
PT-2021-17834 · Ca · Ca Ehealth Performance Manager
Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue allows for privilege escalation via a dynamically linked shared object library. To exploit this, the ehealth user must create a malicious library in the...
PT-2021-17831 · Ca · Ca Ehealth Performance Manager
Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions through 6.3.2.12 Description: The issue is related to Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user can create a malicious library in the writable RPATH, which will...
USN-4804-1 puppet vulnerabilities
It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service. CVE-2017-10689 It was discovered that Puppet could be used to force YAML deserialization in an unsafe manner. A remote...
Windows Server 2012 SrClient DLL Hijacking
class MetasploitModule 'Windows Server 2012 SrClient DLL hijacking', 'Description' = %q All editions of Windows Server 2012 but not 2012 R2 are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This...
OESA-2021-1084 kata-containers security update
This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as...
CVE-2021-27804
JPEG XL aka jpeg-xl through 0.3.2 allows writable memory corruption...
SolarWinds Serv-U FTP Server Authorization Issues Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. A security vulnerability exists in SolarWinds Serv-U before 15.2.2 Hotfix 1, which stems from a directory containing a user configuration file which includes a user's password...