CVE-2020-8833 Apport race condition in crash report permissions

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...

EulerOS Virtualization 3.0.2.2 : coreutils (EulerOS-SA-2020-1484)

According to the version of the coreutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during...

Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2020-1484)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-20496

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...

CVE-2019-20496

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...

Code injection

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...

CVE-2019-20496

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...

EulerOS Virtualization for ARM 64 3.0.2.0 : coreutils (EulerOS-SA-2020-1194)

According to the version of the coreutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a...

CVE-2020-7221

mysqlinstalldb in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of authpamtooldir/authpamtool. NOTE: this does not affect the Oracle MySQL product,...

UBUNTU-CVE-2020-7221

mysqlinstalldb in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of authpamtooldir/authpamtool. NOTE: this does not affect the Oracle MySQL product,...

CVE-2020-7221

Removed by vendor...

Linux: /etc/issue chown

/etc/issue is a text file which contains a message or system identification to be printed before the login prompt. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

CVE-2012-2087

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

Input validation

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

CVE-2012-2087

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2019-2417)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2019-2134)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux: SSH /etc/hosts.deny chown

The access control software consults two files. The search stops at the first match: - Access will be granted when a daemon, client pair matches an entry in the /etc/hosts.allow file. - Otherwise, access will be denied when a daemon, client pair matches an entry in the /etc/hosts.deny file. -...

Linux: SSH /etc/hosts.allow chown

The access control software consults two files. The search stops at the first match: - Access will be granted when a daemon, client pair matches an entry in the /etc/hosts.allow file. - Otherwise, access will be denied when a daemon, client pair matches an entry in the /etc/hosts.deny file. -...

Linux: SSH /etc/ssh/sshd_config chown

The /etc/ssh/sshdconfig file contains configuration specifications for sshd. This should be protected from unauthorized changes by non-privileged users. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...