4208 matches found
CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The issamens function...
CVE-2018-6552
CVE-2018-6552 affects the Ubuntu Apport component. The vulnerability arises when Apport handles crashes originating from a PID namespace; if /proc// is missing, the code may forward the crash using the container’s pid in the global namespace. This can allow a local attacker to cause a denial of s...
CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The issamens function...
UBUNTU-CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The issamens function...
CVE-2018-5256
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...
Virtuozzo 7 : readykernel-patch (VZA-2018-026)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - It was discovered that nfnlcthelperlist structure was accessible to any user with CAPNETADMIN capability in a networ...
Virtuozzo 7 : readykernel-patch (VZA-2018-024)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - It was discovered that nfnlcthelperlist structure was accessible to any user with CAPNETADMIN capability in a networ...
Kernel security update: Virtuozzo ReadyKernel patch 49.0 for Virtuozzo 7.0.7 and 7.0.7 HF2
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo 7.0 kernels 3.10.0-693.17.1.vz7.43.10 7.0.7 and 3.10.0-693.21.1.vz7.46.7 7.0.7 HF2. Vulnerability id: CVE-2017-17448 It was discovered that nfnlcthelperlist structure was...
Microsoft Windows 10: Create permanent shared objects
This user right determines which accounts can be used by processes to create a directory object by using the object manager. Directory objects include Active Directory objects, files and folders, printers, registry keys, processes, and threads. Users who have this capability can create permanent...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure
The net/netfilter/nfnetlinkcthelper.c function in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared across all net...
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
Important: Red Hat Security Advisory: kernel-alt security, bug fix, and enhancement update
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
GitLab Authorization Bypass Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository , which has features similar to Github , you can access the project's file content , commit history , bug lists , etc. GitLab Community Edition CE is...
CVE-2017-0920
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance...
Authorization
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance...