Lucene search
K

132 matches found

UbuntuCve
UbuntuCve
added 2018/07/05 6:29 p.m.19 views

CVE-2018-12021

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features...

6.8CVSS6.7AI score0.01596EPSS
Exploits0References3
OSV
OSV
added 2018/07/05 6:29 p.m.3 views

UBUNTU-CVE-2018-12021

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features...

6.5CVSS6.8AI score0.01596EPSS
Exploits0References4
OSV
OSV
added 2018/07/05 6:29 p.m.18 views

CVE-2018-12021

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features...

6.5CVSS6.3AI score
Exploits0References2
CVE
CVE
added 2018/07/05 6:0 p.m.117 views

CVE-2018-12021

CVE-2018-12021 affects Singularity releases 2.3.0–2.5.1, where an overlay filesystem access-control flaw may let a malicious user access sensitive information. Public references in OSV/GHSA show fixes in later releases (2.6.x), e.g., 2.6.0/2.6.1, addressing the overlay-propagation and access-cont...

6.8CVSS6.2AI score0.01596EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/07/05 6:0 p.m.25 views

CVE-2018-12021

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features...

6.3AI score0.01596EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/07/05 6:0 p.m.21 views

CVE-2018-12021

Removed by vendor...

6.8CVSS6.8AI score0.01596EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2016/09/15 7:39 a.m.5 views

kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs

A flaw was found that the vfsrename function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system...

5.5CVSS7.1AI score0.00619EPSS
Exploits1References4
OSV
OSV
added 2016/08/30 4:47 p.m.4 views

USN-3070-4 linux-lts-xenial vulnerabilities

USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. A missing permission check when settings ACLs was discovered in nfsd. A local user cou...

7.8CVSS7.4AI score0.15073EPSS
Exploits3References9
RedHat Linux
RedHat Linux
added 2016/08/02 6:21 p.m.4 views

kernel: Permission bypass on overlayfs during copy_up

The ovlsetattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

7.2CVSS6.9AI score0.22374EPSS
Exploits12References4
RedHat Linux
RedHat Linux
added 2016/08/02 6:21 p.m.7 views

kernel: Permission bypass on overlayfs during copy_up

The ovlsetattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

7.2CVSS6.9AI score0.22374EPSS
Exploits12References4
OSV
OSV
added 2016/05/02 10:59 a.m.2 views

DEBIAN-CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program...

7.8CVSS6.7AI score0.01061EPSS
Exploits2References1
OSV
OSV
added 2016/02/22 9:9 p.m.4 views

USN-2909-1 linux-lts-utopic vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

7.8CVSS6.9AI score0.01061EPSS
Exploits4References4
Rows per page
Query Builder