4208 matches found
CVE-2017-0920
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance...
CVE-2017-0920
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance...
MGASA-2018-0177 Updated shadow-utils packages fix security vulnerability
Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed CVE-2018-7169...
Updated shadow-utils packages fix security vulnerability
Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed CVE-2018-7169...
SUSE-SU-2018:0662-1 Security update for shadow
This update for shadow fixes the following issues: - CVE-2018-7169: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed. bsc1081294...
Microsoft Windows - Global Reparse Point Security Feature BypassElevation of Privilege
Microsoft Windows - Global Reparse Point Security Feature BypassElevation of Privilege Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege...
CVE-2018-7169
An issue was discovered in newgidmap, in shadow-utils, that allows an unprivileged user to be placed in a user namespace where setgroups is permitted. An attacker could use this flaw to remove himself from a supplementary group, which may allow access to certain filesystem paths, if the...
CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
Privilege escalation
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
UBUNTU-CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
DEBIAN-CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap in shadow-utils is setuid and allows an unprivileged user to be placed in a user namespace where setgroups2 is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if...
Apport / ABRT chroot Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace "container". Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by...
CVE-2017-14180
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability tha...
CVE-2017-14180
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability tha...
Code injection
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers...
CVE-2017-14179
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers...
CVE-2017-14179
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers...
Code injection
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability tha...