Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unprivileged vulnerabilities and exploits
(subscribe to this query)
803
VMScore
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Polkit Project Polkit 0.115
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5 Github repositories
320
VMScore
CVE-2020-27171
An issue exists in the Linux kernel prior to 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive ...
Linux Linux Kernel
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
1 Github repository
1 Article
320
VMScore
CVE-2019-15718
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by e...
Systemd Project Systemd 240
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.1
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1
Redhat Enterprise Linux For Power Little Endian Eus 8.2
Redhat Enterprise Linux For Ibm Z Systems Eus 8.2
Redhat Enterprise Linux For Ibm Z Systems Eus 8.1
Redhat Enterprise Linux For Power Little Endian Eus 8.1
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems Eus 8.4
642
VMScore
CVE-2005-4890
There is a possible tty hijacking in shadow 4.x prior to 4.1.5 and sudo 1.x prior to 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next proces...
Debian Shadow
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 5
Redhat Enterprise Linux 4
Redhat Enterprise Linux 6.0
2 Github repositories
668
VMScore
CVE-2017-12582
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
Qnap Ts-212p Firmware 4.2.1
756
VMScore
CVE-2020-5291
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root pe...
Projectatomic Bubblewrap
Debian Debian Linux 10.0
Archlinux Arch Linux -
Centos Centos 7.0
641
VMScore
CVE-2017-16834
PNP4Nagios up to and including 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
Pnp4nagios Pnp4nagios
465
VMScore
CVE-2001-0316
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
Linux Linux Kernel 2.4.0
Linux Linux Kernel 2.2.0
1 EDB exploit
641
VMScore
CVE-2018-10361
An issue exists in KTextEditor 5.34.0 up to and including 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. ...
Kde Ktexteditor
383
VMScore
CVE-2019-10127
A vulnerability was found in postgresql versions 11.x before 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an a...
Postgresql Postgresql
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »