993 matches found
CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running a fluid csi pod controlled by the csi-nodeplugin-fluid...
UBUNTU-CVE-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
Fedora: Security Advisory for glusterfs (FEDORA-2023-5a54eea360)
The remote host is missing an update for the...
Security Bulletin: Vulnerability in PyPI cryptography and Python may affect IBM Spectrum Protect Plus File Systems Agent (CVE-2023-23931, CVE-2023-0286, CVE-2023-24329)
Summary IBM Spectrum Protect Plus File Systems Agent can be affected by vulnerabilities in PyPI cryptography and Python. Vulnerabilities could allow a remote attacker to bypass security restrictions or carry out a denial of service attack, as described by the CVEs in the "Vulnerability Details" section...
OS Command Injection
github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...
GHSA-PFVH-P8QP-9WW9 Gogs OS Command Injection vulnerability
Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled default on case-insensitive file systems...
SUSE CVE-2005-3623
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems...
SUSE CVE-2012-5619
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities and make it more difficult to conduct forensics activities, as demonstrated by Flame...
Security Bulletin: CVE-2022-3676 may affect Eclipse Openj9 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2022-3676 vulnerability in Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. Vulnerability Details CVEID: CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...
Security Bulletin: CVE-2022-21624 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2022-21624 was disclosed in the Oracle October 2022 Critical Patch Update. Vulnerability Details CVEID: CVE-2022-21624 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulti...
Path Traversal
vertx-web is vulnerable to Path Traversal. The vulnerability exists in the pathOffset function of Utils.java when running vertx web applications that serve files using the StaticHandler on Windows Operating Systems and Windows File Systems. If the mount point is a wildcard, then an attacker can...
StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
Summary When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate any class path resource. Details When computing the relative path to locate the resource, in cas...
Input validation
Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...
CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...
Security Bulletin: Vulnerabilities in Certifi, Setuptools and Python may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-23491, CVE-2022-40897, CVE-2022-45061)
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Certifi, Setuptools and Python. Vulnerabilities include an error with TrustCor's ownership of certificates and denial of service attacks, as described by the CVEs in the "Vulnerability...
Moderate: Red Hat Security Advisory: grub2 security and bug fix update
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Buffer...
[SECURITY] Fedora 37 Update: ntfs-3g-2022.10.3-1.fc37
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore may be affected by a Python Cryptographic Authority cryptography buffer overflow vulnerability, which has been addressed. Vulnerability Details IBM X-Force ID: 239927 DESCRIPTION: Python Cryptographic Authority cryptography is...
[SECURITY] Fedora 35 Update: ntfs-3g-2022.10.3-1.fc35
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...