CVE-2024-6760

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-862
View all →

Vulnerability Description

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.

Related Vulnerabilities

CVE-2015-20067

HIGH
CVSS:7.5(High)

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...

CWE-8622015

CVE-2017-1002006

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-1002007

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-10846

HIGH
CVSS:7.5(High)

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.

CWE-8622017

CVE-2017-11135

HIGH
CVSS:7.5(High)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore,...

CWE-8622017

CVE-2017-18666

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 201...

CWE-8622017