612 matches found
USN-4761-1: Git vulnerability
Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4761-1 git vulnerability
Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code...
SUSE-SU-2021:0756-1 Security update for git
This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300...
Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2021-1395)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: umask not applied on filesystem without ACL support
A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support for example, ext4 with the "noacl" mount option. This flaw allows a local attacker with a user privilege to cause a kernel informati...
HaXmas Hardware Hacking
Usually, when you read an IoT hacking report or blog post, it ends with something along the lines of, "and that's how I got root," or "and there was a secret backdoor credential," or "and every device in the field uses the same S3 bucket with no authentication." You know, something bad, and the...
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.
...
DEBIAN-CVE-2020-14381
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as...
UBUNTU-CVE-2020-14381
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as...
Grype - A Vulnerability Scanner For Container Images And Filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubunt...
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
...
Arbitrary Code Execution
gce-compute-image-packages is vulnerable to arbitrary code execution. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems, and to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges...
PT-2020-6546 · Unknown +1 · F2Fs-Tools +1
Name of the Vulnerable Software and Affected Versions: F2fs-Tools versions 1.13 Description: The issue is related to incorrect external management of file names or paths, which can be exploited to delete arbitrary files by creating a specially crafted f2fs filesystem. A specially crafted f2fs...
PT-2020-6549 · Unknown +1 · F2Fs-Tools +1
Name of the Vulnerable Software and Affected Versions: F2fs-Tools version 1.13 Description: The issue is related to a heap buffer overflow that can be triggered by a specially crafted f2fs filesystem, potentially allowing an attacker to execute arbitrary code. This can be achieved by providing a...
PT-2020-6550 · Unknown +1 · F2Fs-Tools +1
Name of the Vulnerable Software and Affected Versions: F2fs-Tools F2fs.Fsck version 1.13 Description: An exploitable information disclosure issue exists in the get dnode of data functionality. A specially crafted f2fs filesystem can cause information disclosure. An attacker can provide a maliciou...
Privilege escalation
A vulnerability in Cisco Data Center Network Manager DCNM Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any...
CVE-2020-3520 Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in Cisco Data Center Network Manager DCNM Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any...
DEBIAN-CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...
CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...
CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...