Filtered by vendor Magnicomp
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-9310 | 2 Linux, Magnicomp | 2 Linux Kernel, Sysinfo | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system. | |||||
CVE-2018-7268 | 3 Apple, Linux, Magnicomp | 3 Mac Os X, Linux Kernel, Sysinfo | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability. | |||||
CVE-2017-6516 | 1 Magnicomp | 1 Sysinfo | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments. |