2832 matches found
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands
A flaw was found in Linux, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root...
CVE-2020-8831
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
CVE-2020-8831
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
Design/Logic Flaw
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
CVE-2020-8831 World writable root owned lock file created in user controllable location
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
CVE-2020-8831
CVE-2020-8831 : Apport creates a world-writable lock file with root ownership in /var/lock/apport. If the directory is missing (common on tmpfs), Apport creates it; otherwise it uses the existing directory. This enables a symlink attack by placing a link at /var/lock/apport to redirect Apport’s l...
Easy MPEG To DVD Burner 1.7.11 Buffer Overflow
Exploit Title: Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow SEH + DEP Date: 2020-04-15 Exploit Author: Bailey Belisario Tested On: Windows 7 Ultimate x64 Software Link: https://www.exploit-db.com/apps/32dc10d6e60ceb4d6e57052b6de3a0ba-easympegtodvd.exe Version: 1.7.11 Exploit Length: 1015 Byte...
CVE-2020-10699
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root...
UBUNTU-CVE-2020-10699
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root...
CVE-2020-10699
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root...
Privilege Escalation
kernel is vulnerable to privilege escalation. /sys/kernel/debug/acpi/custommethod had world-writable permissions, which could allow a local, unprivileged user to escalate their privileges. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default...
Privilege Escalation
kernel is vulnerable to privilege escalation. A buffer overflow flaw was found in the ecryptfsuidhash function in the Linux kernel eCryptfs implementation. On systems that have the eCryptfs netlink transport Red Hat Enterprise Linux 5 does or where the "/dev/ecryptfs" file has world writable...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as permission issues were found in the megaraidsas driver. The "dbglvl" and "pollmodeio" files on the sysfs file system "/sys/" had world-writable permissions. This could allow local, unprivileged users to change the behavior ...
CentOS 7 : bash (RHSA-2020:1113)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1113 advisory. - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of t...
CVE-2020-10699
A flaw was found in Linux, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root. Mitigation - Do not enable targetclid, this would prevent the...
CVE-2020-8831
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
UBUNTU-CVE-2020-8831
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist this is not uncommon as /var/lock is a tmpfs, it will create the directory, otherwise it will simply continue execution using the existing...
Design/Logic Flaw
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process with the user's privileges to obtain root access by replacing runwithroot...
RHEL 7 : bash (RHSA-2020:1113)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1113 advisory. The bash packages provide Bash Bourne-again shell, which is the default shell for Red Hat Enterprise Linux. Security Fixes: bash: BASHCMD is writable...