CVE-2023-4911

Known exploited
Public exploit
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Max CVSS
7.8
EPSS Score
1.88%
Published
2023-10-03
Updated
2024-02-22
CISA KEV Added
2023-11-21

CVE-2022-0847

Known exploited
Public exploit
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Max CVSS
7.8
EPSS Score
7.58%
Published
2022-03-10
Updated
2024-01-12
CISA KEV Added
2022-04-25

CVE-2022-0492

Public exploit
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Max CVSS
7.8
EPSS Score
9.52%
Published
2022-03-03
Updated
2023-12-07

CVE-2021-4034

Known exploited
Public exploit
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-01-28
Updated
2023-10-18
CISA KEV Added
2022-06-27

CVE-2021-3560

Known exploited
Public exploit
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Max CVSS
7.8
EPSS Score
1.18%
Published
2022-02-16
Updated
2023-06-12
CISA KEV Added
2023-05-12

CVE-2020-6418

Known exploited
Public exploit
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
97.15%
Published
2020-02-27
Updated
2022-03-31
CISA KEV Added
2021-11-03

CVE-2019-1003029

Known exploited
Public exploit
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Max CVSS
9.9
EPSS Score
0.94%
Published
2019-03-08
Updated
2023-10-25
CISA KEV Added
2022-04-25

CVE-2019-1003002

Public exploit
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Max CVSS
8.8
EPSS Score
79.65%
Published
2019-01-22
Updated
2023-10-25

CVE-2019-1003001

Public exploit
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Max CVSS
8.8
EPSS Score
79.65%
Published
2019-01-22
Updated
2023-10-25

CVE-2019-1003000

Public exploit
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
Max CVSS
8.8
EPSS Score
83.65%
Published
2019-01-22
Updated
2023-10-25

CVE-2019-13272

Known exploited
Public exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-07-17
Updated
2023-01-17
CISA KEV Added
2021-12-10

CVE-2019-9213

Public exploit
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
Max CVSS
5.5
EPSS Score
0.08%
Published
2019-03-05
Updated
2022-10-12

CVE-2019-7609

Known exploited
Public exploit
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Max CVSS
10.0
EPSS Score
96.78%
Published
2019-03-25
Updated
2023-09-08
CISA KEV Added
2022-01-10

CVE-2019-5736

Public exploit
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Max CVSS
9.3
EPSS Score
0.44%
Published
2019-02-11
Updated
2024-02-02

CVE-2019-5418

Public exploit
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Max CVSS
7.5
EPSS Score
97.43%
Published
2019-03-27
Updated
2020-10-16

CVE-2018-1002105

Public exploit
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
Max CVSS
9.8
EPSS Score
47.45%
Published
2018-12-05
Updated
2019-06-28

CVE-2018-1000861

Known exploited
Public exploit
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
Max CVSS
10.0
EPSS Score
97.34%
Published
2018-12-10
Updated
2022-06-13
CISA KEV Added
2022-02-10

CVE-2018-1000115

Public exploit
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Max CVSS
7.5
EPSS Score
96.97%
Published
2018-03-05
Updated
2021-08-04

CVE-2018-1000001

Public exploit
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Max CVSS
7.8
EPSS Score
0.53%
Published
2018-01-31
Updated
2019-10-03

CVE-2018-17463

Known exploited
Public exploit
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
97.43%
Published
2018-11-14
Updated
2020-08-24
CISA KEV Added
2022-06-08

CVE-2018-17456

Public exploit
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Max CVSS
9.8
EPSS Score
16.06%
Published
2018-10-06
Updated
2020-08-24

CVE-2018-16509

Public exploit
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Max CVSS
9.3
EPSS Score
97.27%
Published
2018-09-05
Updated
2019-10-03

CVE-2018-15727

Public exploit
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
Max CVSS
9.8
EPSS Score
2.54%
Published
2018-08-29
Updated
2019-03-05

CVE-2018-15473

Public exploit
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Max CVSS
5.3
EPSS Score
2.36%
Published
2018-08-17
Updated
2023-02-23

CVE-2018-14665

Public exploit
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Max CVSS
7.2
EPSS Score
3.21%
Published
2018-10-25
Updated
2019-10-22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!