Cross-site Scripting (XSS) - Stored in octobercms/library

✍️ Description OctoberCMS uses october/rain library to handle file uploads. Previously it was possible to upload malicious files with HTML content to the CMS via its Media upload feature. This security issue marked as CVE-2020-15249 was fixed in 1.0.469. But it is still possible to upload XML...

GHSA-52P9-V744-MWJJ Remote code execution in Kramdown

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

UBUNTU-CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

Thomas Leitner kramdown 安全漏洞

Thomas Leitner kramdown is Thomas Leitner an open source application . Provides a fast pure Ruby Markdown superset converter , using a strict syntax definition and support for several common extensions . Kramdown before 2.3.1 A security vulnerability exists because Kramdown does not restrict the...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9085)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9085 advisory. - xen-blkback: fix error handling in xenblkbkmap Jan Beulich Orabug: 32492109 CVE-2021-26930 - xen-scsiback: dont 'handle' error by BUG Jan Beulich...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9086)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9086 advisory. - xen-blkback: fix error handling in xenblkbkmap Jan Beulich Orabug: 32492109 CVE-2021-26930 - xen-scsiback: dont 'handle' error by BUG Jan Beulich...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1480)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

atomic-openshift: cross-namespace owner references can trigger deletions of valid children

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects...

PT-2021-7676 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.161 Description: A vulnerability in the io uring subsystem can leak kernel memory information to the user process. The timens install function calls current is single threaded to determine if the current...

Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (important)

openSUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Announcement ID: openSUSE-SU-2021:0278-1 Rating: important References: 1174075 1176708 1178801 1178969 1180243 1180401 1181730 1181732 Cross-References: CVE-2020-15257 CVE-2021-21284...

CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

AZL-6522 CVE-2020-16120 affecting package kernel for versions less than 5.10.78.1-1

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

Design/Logic Flaw

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

CVE-2020-16120

The CVE-2020-16120 issue concerns Overlayfs in the Linux kernel where permission checks during copy-up were inadequate when used inside a user namespace. It was introduced in kernel 4.19 (ovl: stack file ops) and fixed in kernel 5.8 by patches that verify permissions in ovl_path_open(), switch to...

CVE-2020-16120 Unprivileged overlay + shiftfs read access

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

Privilege Escalation

docker is vulnerable to privilege escalation. The --userns-remap option allows the root user in the remapped namespace, who has access to the host filesystem, to modify files under /var/lib/docker/ and write files with extended privileges...

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...

[ASA-202102-12] docker: multiple issues

Arch Linux Security Advisory ASA-202102-12 ========================================== Severity: Medium Date : 2021-02-06 CVE-ID : CVE-2021-21284 CVE-2021-21285 Package : docker Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1528 Summary ======= The package docker...

EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1245)

According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3....