Lucene search
K

2832 matches found

Tenable Nessus
Tenable Nessus
added 2020/09/22 12:0 a.m.26 views

openSUSE Security Update : singularity (openSUSE-2020-1497)

This update for singularity fixes the following issues : New version 3.6.3, addresses the following security issues : - CVE-2020-25039, boo1176705 When a Singularity action command run, shell, exec is run with the fakeroot or user namespace option, Singularity will extract a container image to a...

8.8CVSS8.2AI score0.0204EPSS
Exploits0References4
OSV
OSV
added 2020/09/18 6:15 p.m.3 views

CVE-2020-3979

InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...

7.8CVSS7.5AI score0.00376EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/09/14 6:26 p.m.41 views

Concrete CMS: Fetching the update json scheme from concrete5 over HTTP leads to remote code execution

Hi, I noticed that concrete5 fetches the update JSON scheme from www.concrete5.org over HTTP. The fetched json defines the download URL, so we can simply tamper with this JSON in order to make the update URL point to a server controlled by us. Combining this with the possibility to set an arbitra...

6.5CVSS7.3AI score0.02011EPSS
Exploits0
Prion
Prion
added 2020/09/04 12:15 p.m.24 views

Code injection

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

4.4CVSS7.4AI score0.00529EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/01 7:15 p.m.12 views

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...

7.8CVSS7.7AI score0.00787EPSS
Exploits0References3
OSV
OSV
added 2020/09/01 7:15 p.m.6 views

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...

7.8CVSS6.2AI score0.00787EPSS
Exploits0References3
Mageia
Mageia
added 2020/08/31 11:58 p.m.25 views

Updated hylafax+ packages fix security vulnerabilities

In HylaFAX+ through 7.0.2, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root CVE-2020-15396. HylaFAX+ through 7.0.2 has scripts that execute binaries from directories writable by unprivileged...

7.8CVSS4.2AI score0.00538EPSS
Exploits2References3
Veracode
Veracode
added 2020/08/06 9:34 p.m.23 views

Arbitrary Code Execution

hylafaxplus is vulnerable to arbitrary code execution. The vulnerability exists as HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This...

7.8CVSS4.4AI score0.00538EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2020/08/04 5:0 p.m.5 views

UBUNTU-CVE-2020-15708

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

9.3CVSS7.3AI score0.00383EPSS
Exploits0References3
0day.today
0day.today
added 2020/08/01 12:0 a.m.344 views

FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation Exploit

This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV62292PKTOPTIONS option handling in setsockopt permits racing ip6setpktopt access to a freed ip6pktopts struct. This exploit overwrites the...

8.1CVSS7.9AI score0.32978EPSS
Exploits4
Hacker One
Hacker One
added 2020/07/12 7:45 p.m.14 views

GlassWire: Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM

GlassWire contains a DLL hijacking vulnerability that could allow an authenticated attacker to execute arbitrary code on the targeted system. The vulnerability exists due to GlassWire loading DLL files from the PATH environment variable without verification. The machine should have at least one...

1.4AI score
Exploits0
NVD
NVD
added 2020/07/10 7:15 p.m.15 views

CVE-2020-11081

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

8.2CVSS0.00587EPSS
Exploits1References5
OSV
OSV
added 2020/07/10 7:15 p.m.12 views

CVE-2020-11081

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

8.2CVSS6.8AI score
Exploits0References5
Cvelist
Cvelist
added 2020/07/10 6:45 p.m.24 views

CVE-2020-11081 osquery susceptible to DLL search order hijacking of zlib1.dll

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

5.3CVSS8.1AI score0.00587EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2020/07/10 12:0 a.m.4 views

PT-2020-12538 · Facebook · Osquery

Name of the Vulnerable Software and Affected Versions: osquery versions prior to 4.4.0 Description: The issue allows for a privilege escalation. If a Windows system has a PATH containing a user-writable directory, a local user can create a zlib1.dll DLL that osquery will attempt to load, enabling...

8.2CVSS8.2AI score0.00587EPSS
Exploits1References9
OSV
OSV
added 2020/06/30 12:15 p.m.2 views

ALPINE-CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.4AI score0.00538EPSS
Exploits1References1
OSV
OSV
added 2020/06/30 12:15 p.m.3 views

UBUNTU-CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS6AI score0.00538EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2020/06/30 12:15 p.m.25 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.3AI score0.00538EPSS
Exploits1References2
OSV
OSV
added 2020/06/07 9:15 p.m.2 views

CVE-2020-13912

SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file...

7.3CVSS5.8AI score0.01053EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/05/11 12:0 a.m.37 views

Oracle Linux 8 : targetcli (ELSA-2020-1933)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1933 advisory. 2.1.51-4 - Increase the release version 2.1.51-3 - targetclid.sock allows unprivileged user to execute commands 2.1.51-2 - Create the target/pr directory when...

7.8CVSS7.5AI score0.00348EPSS
Exploits0References2
Rows per page
Query Builder