6886 matches found
kubernetes: Mishandling of symlinks allows for arbitrary file write via `kubectl cp`
A flaw was found in Kubernetes via the mishandling of symlinks when copying files from a running container. An attacker could exploit this by convincing a user to use kubectl cp or oc cp with a malicious container, allowing for arbitrary files to be overwritten on the host machine...
Arbitrary File Overwrite
Overview Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the...
CVE-2019-1002101
A flaw was found in Kubernetes via the mishandling of symlinks when copying files from a running container. An attacker could exploit this by convincing a user to use kubectl cp or oc cp with a malicious container, allowing for arbitrary files to be overwritten on the host machine...
Unspecified Vulnerability in Apple iOS and Apple macOS Mojave Feedback Assistant
Apple iOS and Apple macOS Mojave are both products of Apple Inc. Apple iOS is an operating system for mobile devices. apple macOS Mojave is a specialized operating system for Mac computers. feedback Assistant is one of the Feedback Assistant is one of the system error feedback components. An...
Apache Karaf Arbitrary File Overwrite Vulnerability
Apache Karaf is the United States Apache Apache Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. An arbitrary file overwrite vulnerability exists in Apache Karaf versions prior to 4.2.3, which can be exploited by a remote...
OPENSUSE-SU-2019:0307-1 Security update for openssh
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816 -...
OPENSUSE-SU-2019:0293-1 Security update for supportutils
This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...
CVE-2018-17955 Static tempfile name allows overwriting of arbitrary files
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection...
CVE-2018-17955
CVE-2018-17955 affects yast2-multipath prior to version 4.1.1. The vulnerability arises from a static temporary filename that allows local attackers to overwrite files on systems without symlink protection. Impact is described as local complete/partial integrity on affected files with potential a...
SUSE-SU-2019:13976-1 Security update for supportutils
This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script bsc1117751 - CVE-2018-19640: Users can kill arbitrary processes bsc1118463 - CVE-2018-19638: User can overwrite arbitrary...
CVE-2018-19637
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...
CVE-2018-19638
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...
CVE-2018-19638
CVE-2018-19638 affects supportutils prior to 3.1-5.7.1: an unprivileged user could overwrite arbitrary files in the log-collection directory when pacemaker is installed. OpenSUSE/SUSE advisories (openSUSE-2019-1351) fix this by upgrading supportutils to 3.1.17-2.2 (and related updates for hostinf...
Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in libmspack. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-14682 DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one in mspack/chmd.c in the TOLOWER macro for CHM decompression. ...
SUSE-SU-2019:0496-1 Security update for openssh
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816 -...
SUSE-SU-2019:0480-1 Security update for supportutils
This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...
Memu Play 6.0.7 Privilege Escalation
Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra SA!nchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...
NetKit Input Validation Vulnerability
NetKit is a network environment simulation system. A security vulnerability exists in NetKit 0.17 and earlier versions, which stems from the fact that the server selects the file/directory to be sent to the client, but the rcp client only loosely validates the name of the returned object. An...
MGASA-2019-0063 Updated cinnamon packages fix security vulnerability
A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of for example other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face locatio...
CVE-2019-7283
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...