CVE-2021-37701
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...
USN-5057-1: Squashfs-Tools vulnerability
Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem...
CVE-2021-37701
The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...
CVE-2021-36123
An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...
CVE-2020-36394
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home...
Linux-PAM Security Vulnerability
Linux-PAM is pluggable system authentication software for Linux from the Linux-PAM team. A security vulnerability exists in Linux-PAM that allows a local attacker to set quotas on arbitrary filesystems, in some cases the home directory of the attacker to...
July 13, 2021 Public preview security update (KB5004243)
Improvements and fixes: This public preview security update includes quality improvements. Key changes include: Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more...
Security update for syncthing (moderate)
openSUSE Security Update: Security update for syncthing. Announcement ID: openSUSE-SU-2021:0713-1; Rating: moderate; References: 1184428; Cross-References: CVE-2021-21404; CVSS scores: CVE-2021-21404 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; Affected Products: openSUSE Backports SLE-15-SP...
June 8, 2021 Public preview security update (KB5003645)
Improvements and fixes: This public preview security update includes quality improvements. Key changes include: Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domai...
SUSE: Security Advisory (SUSE-SU-2021:0757-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for git (openSUSE-SU-2021:0405-1)
The remote host is missing an update for the...
UBUNTU-CVE-2021-3493
The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...
CVE-2021-28927
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection...
SUSE-SU-2021:0853-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19734 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check bsc1179664. - Fixed ...
openSUSE Security Update : git (openSUSE-2021-405)
This update for git fixes the following issues : - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300...
OPENSUSE-SU-2021:0405-1 Security update for git
This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300 Th...
SUSE SLES12 Security Update : git (SUSE-SU-2021:0756-1)
This update for git fixes the following issues : On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300 Not...
SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2021:0757-1)
This update for git fixes the following issues : On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300 Not...
EulerOS Virtualization for ARM 64 3.0.2.0 : policycoreutils (EulerOS-SA-2021-1395)
According to the version of the policycoreutils packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged maliciou...
SUSE-SU-2021:0757-1 Security update for git
This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300...