6887 matches found
CVE-2020-10691
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...
RHEL 8 : container-tools:rhel8 (RHSA-2020:1932)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1932 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted...
buildah: Crafted input tar file may lead to local file overwrite during image build process
A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...
Important: Red Hat Security Advisory: container-tools:rhel8 security update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: container-tools:2.0 security update
An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
buildah: Crafted input tar file may lead to local file overwrite during image build process
A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...
pcp: Local privilege escalation in pcp spec file through migrate_tempdirs
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...
RLSA-2020:1932 Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...
Important: container-tools:2.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...
RLSA-2020:1931 Important: container-tools:2.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...
RLSA-2020:1926 Important: container-tools:1.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...
CVE-2020-6828
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...
Design/Logic Flaw
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...
CVE-2020-6828
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...
CVE-2020-6828
Mode C - Detailed summary: CVE-2020-6828 affects Firefox for Android and is part of a set of fixes in Firefox ESR updates. The vulnerability arises when a malicious Android app crafts an Intent that Firefox for Android processes, potentially enabling a crafted user.js to overwrite preferences in ...
CVE-2020-6828
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...
Acronis: Local Privilege Escalation in anti_ransomware_service.exe via quarantine
antiransomwareservice.exe includes a functionality to quarantine files which will copy the suspected ransomware file from one directory to another using SYSTEM privileges. As any unprivileged user has write permissions in the quarantine folder, it is possible to control this privileged write with...
buildah: Crafted input tar file may lead to local file overwrite during image build process
A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...
Ansible: archive traversal vulnerability in ansible-galaxy collection install
An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system...