Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logrotate vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2019-10143
It exists freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory norm...
Freeradius Freeradius
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
4.6
CVSSv2
CVE-2006-2451
The suid_dumpable support in Linux kernel 2.6.13 up to versions prior to 2.6.17.4, and 2.6.16 prior to 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program ...
Linux Linux Kernel 2.6.17
Linux Linux Kernel 2.6.16.16
Linux Linux Kernel 2.6.16.9
Linux Linux Kernel 2.6.14
Linux Linux Kernel 2.6.15.3
Linux Linux Kernel 2.6.16.6
Linux Linux Kernel 2.6.16.8
Linux Linux Kernel 2.6.16
Linux Linux Kernel 2.6.14.7
Linux Linux Kernel 2.6.13
Linux Linux Kernel 2.6.17.2
Linux Linux Kernel 2.6.15
Linux Linux Kernel 2.6.13.3
Linux Linux Kernel 2.6.14.4
Linux Linux Kernel 2.6.16.18
Linux Linux Kernel 2.6.14.3
Linux Linux Kernel 2.6.16.13
Linux Linux Kernel 2.6.16.4
Linux Linux Kernel 2.6.17.3
Linux Linux Kernel 2.6.16.15
Linux Linux Kernel 2.6.15.6
Linux Linux Kernel 2.6.15.1
5 EDB exploits
10
CVSSv2
CVE-2000-0747
The logrotate script for OpenLDAP prior to 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
Conectiva Linux 5.0
Conectiva Linux 4.1
Conectiva Linux 4.2
6.9
CVSSv2
CVE-2020-9475
The S. Siedle & Soehne SG 150-0 Smart Gateway prior to 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
Siedle Sg 150-0 Firmware
2.9
CVSSv2
CVE-2019-13456
In FreeRADIUS 3.0 up to and including 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user...
Freeradius Freeradius
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-17185
In FreeRADIUS 3.0.x prior to 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused ...
Freeradius Freeradius
Opensuse Leap 15.1
7.2
CVSSv2
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent ...
Apache Http Server
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
7 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2