1025 matches found
CVE-2015-6240
CVE-2015-6240 concerns Ansible, where the chroot, jail, and zone connection plugins allow a local attacker to escape a restricted environment via a symlink attack. Affected software is Ansible versions older than 1.9.2, as described in multiple sources (including GHSA and Debian/Ubuntu advisories...
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix DNSKEY that encountered a CNAME 1447869, ISC change 3391 - Fix CVE-2017-3136 ISC change 4575 - Fix CVE-2017-3137 ISC change 4578 - Fix and test caching CNAME before DNAME ISC change 4558 - Fix...
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 ISC change 4575 - Fix CVE-2017-3137 ISC change 4578 - Fix and test caching CNAME before DNAME ISC change 4558 - Fix CVE-2016-9147 ISC change 4510 - Fix regression introduced by...
Fedora 25 : proftpd (2017-c6f424c3ff)
Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
Design/Logic Flaw
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
UBUNTU-CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CVE-2016-6299
Removed by vendor...
CVE-2016-6299
CVE-2016-6299 affects the scm plug-in in mock, where crafted spec files can bypass the chroot protection and grant the attacker root privileges. This is a local-type vulnerability with high impact (C/H/I/A) per CVSS. Fedora advisories indicate a security fix was released for this CVE; other sourc...
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CentOS 7 : util-linux (CESA-2017:0907)
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2017-2109 · Mock · Mock
Name of the Vulnerable Software and Affected Versions: mock affected versions not specified Description: The issue is related to the scm plug-in in mock, which may allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. This is due to...
DEBIAN-CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges...
CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges...
CVE-2016-10118
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /...
UBUNTU-CVE-2016-10118
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /...
CVE-2016-10118
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /...
CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges...
CVE-2016-10118
Firejail exposes a local-privilege issue: in CVE-2016-10118, a local user can truncate /etc/resolv.conf by performing a chroot to /. The NVD entry confirms LOCAL access with LOW/LOW remote? to integrity and confidentiality impact as stated, with impact limited to integrity (PARTIAL) and no confid...