incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.
CVSS Score
4.6
EPSS Score
0.001
Published
2009-10-08
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
CVSS Score
2.1
EPSS Score
0.001
Published
2007-01-31