Shinyzenith - Security Researcher - Exploit Intelligence Platform

CVE-2022-27815 WRITEUP HIGH WRITEUP

Waycrate Swhkd < 1.2.0 - Symlink Following

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.

CVSS 7.8

View Code

CVE-2022-27816 WRITEUP HIGH WRITEUP

Waycrate Swhkd < 1.2.0 - Symlink Following

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.

CVSS 7.1

View Code

CVE-2022-27818 WRITEUP CRITICAL WRITEUP

Waycrate Swhkd < 1.2.0 - Exposure to Wrong Actor

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.

CVSS 9.1

View Code

CVE-2022-27819 WRITEUP MEDIUM WRITEUP

Waycrate Swhkd < 1.2.0 - Resource Allocation Without Limits

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).

CVSS 5.3

View Code