2832 matches found

NVD
added 2021/04/21 10:15 p.m. · 13 views

CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...

CVSS 7.5 · EPSS 0.01561
Exploits 0 · References 1

OSV
added 2021/04/21 10:15 p.m. · 5 views

CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...

CVSS 7.5 · AI score 5.7 · EPSS 0.01561
Exploits 0 · References 1

OSV
added 2021/04/21 10:15 p.m. · 14 views

CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

CVSS 7.5 · AI score 7
Exploits 0 · References 1

OSV
added 2021/04/21 10:15 p.m. · 3 views

ALPINE-CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

CVSS 7.5 · AI score 7.1 · EPSS 0.009
Exploits 0 · References 1

AlpineLinux
added 2021/04/21 9:23 p.m. · 51 views

CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

CVSS 7.5 · AI score 7.9 · EPSS 0.009
Exploits 0

Cvelist
added 2021/04/21 9:16 p.m. · 13 views

CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...

AI score 7.7 · EPSS 0.01561
Exploits 0 · References 1

RedHat Linux
added 2021/04/19 10:52 a.m. · 7 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

CVSS 9 · AI score 8 · EPSS 0.38179
Exploits 9 · References 8

OSV
added 2021/04/19 9:38 a.m. · 37 views

RLSA-2021:1242 Important: mariadb:10.3 and mariadb-devel:10.3 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.28, galera 25.3.32. Security Fixes: mariadb: writable system variables allows a database user with SUPER privilege ...

CVSS 7.2 · AI score 7.8 · EPSS 0.38179
Exploits 9 · References 2

OpenVAS
added 2021/04/19 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2016:2476-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6 · EPSS 0.00855
Exploits 1 · References 14

Veracode
added 2021/04/11 8:34 p.m. · 22 views

Privilege Escalation

bullseye is vulnerable to privilege escalation. The attack consists of having an unprivileged user spawn a build process, for instance with guix build, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. ...

CVSS 5.5 · AI score 1.2 · EPSS 0.00334
Exploits 0 · References 3 · Affected Software 1

RedHat Linux
added 2021/03/30 2:17 p.m. · 129 views

Important: Red Hat Security Advisory: mariadb security update

An update for mariadb is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9 · AI score 7.5 · EPSS 0.38179
Exploits 9 · References 2

OSV
added 2021/03/26 8:15 a.m. · 3 views

CVE-2021-28249

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...

CVSS 8.8 · AI score 5.8 · EPSS 0.00415
Exploits 1 · References 1

OSV
added 2021/03/26 8:15 a.m. · 4 views

CVE-2021-28246

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...

CVSS 7.8 · AI score 7.1 · EPSS 0.00393
Exploits 1 · References 1

Positive Technologies
added 2021/03/26 12:0 a.m. · 4 views

PT-2021-17834 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue allows for privilege escalation via a dynamically linked shared object library. To exploit this, the ehealth user must create a malicious library in the...

CVSS 8.8 · AI score 7.4 · EPSS 0.00415
Exploits 1 · References 4

Positive Technologies
added 2021/03/26 12:0 a.m. · 7 views

PT-2021-17831 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions through 6.3.2.12 Description: The issue is related to Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user can create a malicious library in the writable RPATH, which will...

CVSS 7.8 · AI score 7 · EPSS 0.00393
Exploits 1 · References 5

OSV
added 2021/03/15 9:31 p.m. · 2 views

USN-4804-1 puppet vulnerabilities

It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service. CVE-2017-10689 It was discovered that Puppet could be used to force YAML deserialization in an unsafe manner. A remote...

CVSS 8.2 · AI score 6.8 · EPSS 0.02375
Exploits 0 · References 3

Packet Storm
added 2021/03/15 12:0 a.m. · 389 views

Windows Server 2012 SrClient DLL Hijacking

class MetasploitModule 'Windows Server 2012 SrClient DLL hijacking', 'Description' = %q All editions of Windows Server 2012 but not 2012 R2 are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This...

AI score 0.2
Exploits 0

OSV
added 2021/03/05 11:2 a.m. · 3 views

OESA-2021-1084 kata-containers security update

This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as...

CVSS 7.1 · AI score 6.8 · EPSS 0.00368
Exploits 0 · References 2

NVD
added 2021/03/02 1:15 a.m. · 16 views

CVE-2021-27804

JPEG XL aka jpeg-xl through 0.3.2 allows writable memory corruption...

CVSS 9.8 · EPSS 0.03989
Exploits 1 · References 4

CNNVD
added 2021/02/03 12:0 a.m. · 6 views

SolarWinds Serv-U FTP Server Authorization Issues Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. A security vulnerability exists in SolarWinds Serv-U before 15.2.2 Hotfix 1, which stems from a directory containing a user configuration file which includes a user's password...

CVSS 7.1 · AI score 7.2 · EPSS 0.00468
Exploits 1 · References 2