
6887 matches found

Debian CVE
added 2020/04/30 4:23 p.m., 20 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

CVSS 5.2, AI score 7, EPSS 0.00358
Exploits: 0

Tenable Nessus
added 2020/04/29 12:0 a.m., 40 views

RHEL 8 : container-tools:rhel8 (RHSA-2020:1932)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1932 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted...

CVSS 9.3, AI score 6.9, EPSS 0.02603
Exploits: 1, References: 4

RedHat Linux
added 2020/04/28 9:3 p.m., 1 view

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...

CVSS 9.3, AI score 7.3, EPSS 0.02603
Exploits: 1, References: 4

RedHat Linux
added 2020/04/28 9:3 p.m., 65 views

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 9.3, AI score 6.7, EPSS 0.02603
Exploits: 1, References: 2

RedHat Linux
added 2020/04/28 9:2 p.m., 49 views

Important: Red Hat Security Advisory: container-tools:2.0 security update

An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 9.3, AI score 6.7, EPSS 0.02603
Exploits: 1, References: 2

RedHat Linux
added 2020/04/28 8:59 p.m., 3 views

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...

CVSS 9.3, AI score 7.3, EPSS 0.02603
Exploits: 1, References: 4

RedHat Linux
added 2020/04/28 4:8 p.m., 2 views

pcp: Local privilege escalation in pcp spec file through migrate_tempdirs

An Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...

CVSS 8.4, AI score 7.2, EPSS 0.00458
Exploits: 1, References: 4

AlmaLinux
added 2020/04/28 4:7 p.m., 45 views

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). For more details about the security issues, including the...

CVSS 9.3, AI score 8.4, EPSS 0.02603
Exploits: 1, References: 2

OSV
added 2020/04/28 4:7 p.m., 30 views

RLSA-2020:1932 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). For more details about the security issues, including the...

CVSS 8.8, AI score 8.7, EPSS 0.02603
Exploits: 1, References: 2

AlmaLinux
added 2020/04/28 4:7 p.m., 26 views

Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). For more details about the security issues, including the...

CVSS 9.3, AI score 8.4, EPSS 0.02603
Exploits: 1, References: 2

OSV
added 2020/04/28 4:7 p.m., 27 views

RLSA-2020:1931 Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). For more details about the security issues, including the...

CVSS 8.8, AI score 8.7, EPSS 0.02603
Exploits: 1, References: 2

OSV
added 2020/04/28 4:6 p.m., 30 views

RLSA-2020:1926 Important: container-tools:1.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). For more details about the security issues, including the...

CVSS 8.8, AI score 8.7, EPSS 0.02603
Exploits: 1, References: 5

NVD
added 2020/04/24 4:15 p.m., 14 views

CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVSS 7.5, AI score 8.3, EPSS 0.01471
Exploits: 0, References: 2

Prion
added 2020/04/24 4:15 p.m., 16 views

Design/Logic Flaw

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVSS 6.4, AI score 7.6, EPSS 0.01471
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/04/24 3:48 p.m., 30 views

CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

AI score 8.2, EPSS 0.01471
Exploits: 0, References: 2

CVE
added 2020/04/24 3:48 p.m., 215 views

CVE-2020-6828

Mode C - Detailed summary: CVE-2020-6828 affects Firefox for Android and is part of a set of fixes in Firefox ESR updates. The vulnerability arises when a malicious Android app crafts an Intent that Firefox for Android processes, potentially enabling a crafted user.js to overwrite preferences in ...

CVSS 7.5, AI score 8, EPSS 0.01471
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2020/04/24 3:48 p.m., 31 views

CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVSS 7.5, AI score 7.8, EPSS 0.01471
Exploits: 0

Hacker One
added 2020/04/24 11:18 a.m., 19 views

Acronis: Local Privilege Escalation in anti_ransomware_service.exe via quarantine

anti_ransomware_service.exe includes a functionality to quarantine files which will copy the suspected ransomware file from one directory to another using SYSTEM privileges. As any unprivileged user has write permissions in the quarantine folder, it is possible to control this privileged write with...

AI score 0.5
Exploits: 0

RedHat Linux
added 2020/04/22 3:42 p.m., 1 view

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...

CVSS 9.3, AI score 7.3, EPSS 0.02603
Exploits: 1, References: 4

RedHat Linux
added 2020/04/22 2:10 p.m., 6 views

Ansible: archive traversal vulnerability in ansible-galaxy collection install

An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system...

CVSS 5.2, AI score 7.1, EPSS 0.00358
Exploits: 0, References: 4