Lucene search
K

2832 matches found

Cvelist
Cvelist
added 2019/10/09 9:19 p.m.18 views

CVE-2019-17365

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...

7.7AI score0.00433EPSS
Exploits1References3
OSV
OSV
added 2019/10/09 4:15 p.m.2 views

ALPINE-CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 o...

5.3CVSS6.8AI score0.037EPSS
Exploits0References1
OSV
OSV
added 2019/10/09 4:15 p.m.1 views

DEBIAN-CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 o...

5.3CVSS6.5AI score0.037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/09 12:0 a.m.4 views

PT-2019-15106 · Nix · Nix

Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.3 Description: The issue allows local users to gain access to an arbitrary user's account. This is because the parent directory of the user-profile directories is world writable. Recommendations: For versions prior to...

7.8CVSS7.9AI score0.00433EPSS
Exploits1References5
CNVD
CNVD
added 2019/10/08 12:0 a.m.2 views

Xen Denial of Service Vulnerability (CNVD-2019-34763)

Xen is an open source virtual machine monitor product. Xen suffers from a denial-of-service vulnerability that stems from a page-writable contention condition during the addition of a passed PCI device, which can be exploited by an x86 PV client OS attacker to cause a denial of service or gain...

7.8CVSS8.8AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2019/09/27 6:15 p.m.1 views

CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

7.8CVSS7.1AI score0.00228EPSS
Exploits0References6
OSV
OSV
added 2019/09/27 6:15 p.m.2 views

UBUNTU-CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

7.8CVSS6.9AI score0.00228EPSS
Exploits0References3
OSV
OSV
added 2019/09/06 10:15 p.m.5 views

CVE-2019-2182

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score
Exploits0References3
OSV
OSV
added 2019/09/06 10:15 p.m.1 views

DEBIAN-CVE-2019-2182

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2019/09/06 10:15 p.m.1 views

UBUNTU-CVE-2019-2182

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.3AI score0.00217EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/09/04 1:24 a.m.26 views

CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

7.8CVSS3.3AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/08/26 2:59 p.m.41 views

CVE-2019-1552

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

3.6CVSS2.7AI score0.00678EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/08/26 11:49 a.m.13 views

CVE-2019-15541

rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service loop of connevent and ready by arranging for a client to never be writable...

7.4AI score0.02233EPSS
Exploits1References3
Veracode
Veracode
added 2019/07/31 7:19 a.m.198 views

Insecure Path Defaults

OpenSSL has Insecure Path Defaults. When installed on a Windows machine, the default OPENSSLDIR is C:/usr/local which is world writable. This allows an attacker to modify OpenSSL's default configuration, insert CA certificates, modify or even replace existing engine modules, etc...

3.3CVSS3AI score0.00678EPSS
Exploits0References30Affected Software1
OSV
OSV
added 2019/07/30 7:15 p.m.1 views

UBUNTU-CVE-2018-20871

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions "other" write access occur in certain cases GE-6890...

9.8CVSS7.3AI score0.02169EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/07/30 5:15 p.m.23 views

CVE-2019-1552

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

3.3CVSS6.2AI score0.00678EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/07/30 12:0 a.m.5 views

PT-2019-5544 · Ruby +6 · Bundler +6

Name of the Vulnerable Software and Affected Versions: Bundler versions prior to 2.1.0 Description: The issue is related to the use of predictable paths in /tmp/ with insecure permissions as a storage location for gems when locations under the user's home directory are not available. If Bundler i...

8.1CVSS6.8AI score0.06811EPSS
Exploits2References90
0day.today
0day.today
added 2019/07/26 12:0 a.m.31 views

ASAN / SUID - Local Privilege Escalation Exploit

Exploit for multiple platform in category local exploits !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload ...

0.4AI score
Exploits0
OSV
OSV
added 2019/07/11 8:15 p.m.3 views

CVE-2019-12577

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS binary openvpnlauncher.64 is setuid root. This binary creates /tmp/piaupscript.sh when executed...

7.8CVSS7.3AI score0.00626EPSS
Exploits1References1
OSV
OSV
added 2019/07/09 6:15 p.m.4 views

CVE-2019-13142

The RzSurroundVADStreamingService RzSurroundVADStreamingService.exe in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this folder,...

5.5CVSS5.8AI score0.00288EPSS
Exploits0References1
Rows per page
Query Builder