Privilege escalation

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices...

CVE-2020-35517

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices...

CVE-2020-35517

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices...

CVE-2020-35517

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices...

Cisco Webex Teams Shared File Manipulation Vulnerability (cisco-sa-webex-teams-7ZMcXG99)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-webex-teams-7ZMcXG99 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVE-2020-10717

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

Directory traversal

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

CVE-2020-10717

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

CVE-2020-10717

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

VMware Workstation Virtual Printer Elevation of Privilege Vulnerability

VMware Workstation is a desktop virtual computing software from VMware. A security vulnerability exists in the Virtual Printer module in VMware Workstation that stems from the program not validating a shared file submitted by a user before loading the path. An attacker could exploit the...

CVE-2020-9543

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

Code injection

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

CVE-2020-9543

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

CVE-2020-9543

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

UBUNTU-CVE-2020-9543

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

CVE-2019-18384

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=public%25252FadminOnlyRead.txt substring...

Theory PHP Common Vulnerabilities the second bomb: common contains the vulnerability-vulnerability warning-the black bar safety net

Contains generally divided into LFI, RFI, i.e., local file inclusion and remote file inclusion LFI For LFI while 因为 很 多 都 限制 了 包含 的 后缀 结尾 必须 为 .php Include $a.'. php'such as this. So we want to include our pictures of the horses while 那么 就 需要 截断 后面 的 这 .php 1. 0 0 truncated. Need gpc off &&...

FreeBSD : elasticsearch -- security fix for shared file-system repositories (23232028-1ba4-11e5-b43d-002590263bf5)

Elastic reports : Vulnerability Summary: All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications. Remediation Summary: Users should upgrade to 1.6.0. Alternately, ensure that other...

UBUNTU-CVE-2014-9018

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors...

CVE-2014-9018

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors...