395 matches found
OPENSUSE-SU-2021:0348-1 Security update for pcp
This update for pcp fixes the following issues: - Drop unnecessary %pre/%post recursive chown calls (bsc#1152533). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for pcp (moderate)
openSUSE Security Update: Security update for pcp. Announcement ID: openSUSE-SU-2021:0348-1. Rating: moderate. References: 1152533. Affected Products: openSUSE Leap 15.2. An update that contains security fixes can now be installed. Description: This update for pcp fixes the following issues: - Drop...
SUSE SLED15 / SLES15 Security Update : pcp (SUSE-SU-2021:0565-1)
This update for pcp fixes the following issues: Drop unnecessary %pre/%post recursive chown calls (bsc#1152533). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as mu...
SUSE-SU-2021:0565-1 Security update for pcp
This update for pcp fixes the following issues: - Drop unnecessary %pre/%post recursive chown calls (bsc#1152533)...
CVE-2020-12878
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...
CVE-2020-12878
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...
Directory traversal
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...
CVE-2020-12878
CVE-2020-12878 affects Digi ConnectPort X2e devices (pre-3.2.30.6). The issue enables local privilege escalation from the python user to root via a symlink attack involving /WEB/python/.ssh and /etc/init.d/S50dropbear.sh. Exploitation, as described, follows: (1) authenticate as the python user, (...
CVE-2020-12878
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...
Digi ConnectPort Backlink Vulnerability
Digi ConnectPort is a server from Digi ConnectPort Digi USA, Inc. It provides wireless communication. A security vulnerability exists in Digi ConnectPort X2e before 3.2.30.6, which allows an attacker to exploit the vulnerability to escalate the privileges of a python user to root via a symbolic...
CVE-2020-28935
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...
systemd: chown_one() can dereference symlinks
...
Privilege Escalation
HylaFAX+ is vulnerable to privilege escalation. The faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
DEBIAN-CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
UBUNTU-CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
kernel: denial of service in xfs_setattr_nonsize in fs/xfs/xfs_iops.c
A flaw was found in the XFS file system in the Linux kernel. An acquired ILOCK was not unlocked when the call to xfs_qm_vop_chown_reserve fails, so the lock is still held, which can lead to denial of access to that device. This is primarily a local denial of service but could result in a remote...
Race condition
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...