USN-5279-1 util-linux vulnerabilities
It was discovered that util-linux incorrectly handled unmounting FUSE filesystems. A local attacker could possibly use this issue to unmount FUSE filesystems belonging to other users...
USN-5279-1: util-linux vulnerabilities
It was discovered that util-linux incorrectly handled unmounting FUSE filesystems. A local attacker could possibly use this issue to unmount FUSE filesystems belonging to other users...
[SECURITY] Fedora 35 Update: stratisd-3.0.2-2.fc35
Daemon that manages block devices to create filesystems...
[SECURITY] Fedora 34 Update: stratisd-2.4.4-2.fc34
Daemon that manages block devices to create filesystems...
Fedora: Security Advisory for stratisd (FEDORA-2022-448c3fe785)
The remote host is missing an update for the...
Fedora: Security Advisory for stratisd (FEDORA-2022-51067372d7)
The remote host is missing an update for the...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...
Debian DSA-5055-1 : util-linux - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5055 advisory. The Qualys Research Labs discovered two vulnerabilities in util-linux's libmount. These flaws allow an unprivileged user to unmount other users' filesystems that...
Mageia: Security Advisory (MGASA-2021-0032)
The remote host is missing an update for the...
CVE-2021-3995
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of...
[SECURITY] [DSA 5055-1] util-linux security update
Debian Security Advisory DSA-5055-1, https://www.debian.org/security/, Salvatore Bonaccorso, January 24, 2022, https://www.debian.org/security/faq...
Design/Logic Flaw
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability when processing remote input in the log files downloaded by an authenticated administrator user, leading to the ability to read...
NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0139)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw...
[SECURITY] [DSA 4987-1] squashfs-tools security update
Debian Security Advisory DSA-4987-1, https://www.debian.org/security/, Salvatore Bonaccorso, October 15, 2021, https://www.debian.org/security/faq...
Path Traversal in bookstackapp/bookstack
Description: A path traversal vulnerability in BookStack's export function allows for the exposure of sensitive files in local or localsecure Laravel filesystems. Proof of Concept: 1: Write the following in a new page: 2: Export in contained HTML to find the .htaccess file base64 encoded 3: If the...
[SECURITY] Fedora 34 Update: squashfs-tools-4.5-3.20210913gite048580.fc34
Squashfs is a highly compressed read-only filesystem for Linux. This package contains the utilities for manipulating squashfs filesystems...
[SECURITY] [DSA 4967-1] squashfs-tools security update
Debian Security Advisory DSA-4967-1, https://www.debian.org/security/, Salvatore Bonaccorso, September 04, 2021, https://www.debian.org/security/faq...
Debian: Security Advisory (DLA-2752-1)
The remote host is missing an update for the Debian...
CVE-2021-37701
The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...