CVE-2025-3364 HGiga PowerStation - Chroot Escape

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...

CVE-2025-3364

CVE-2025-3364 concerns HGiga PowerStation: the SSH service exposes a Chroot Escape vulnerability that, if exploited by a user with root privileges, bypasses chroot restrictions and grants access to the entire filesystem. Multiple sources (NVD, Red Hat, CVE records) describe the issue, but none pr...

PT-2025-15325 · Unknown · Powerstation

Name of the Vulnerable Software and Affected Versions: PowerStation affected versions not specified Description: The issue concerns a Chroot Escape vulnerability in the SSH service, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. This enabl...

HGiga PowerStation 安全漏洞

HGiga PowerStation is a network load balancing system from China Henderson HGiga. A security vulnerability exists in HGiga PowerStation, which stems from a chroot restriction bypass that could lead to privileged users accessing the entire file system...

sudo -- privilege escalation vulnerability through host and chroot options

Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit CRU: Sudo 1.9.17p1: Fixed CVE-2025-32462. Sudo's -h --host option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the use...

PT-2024-19169 · Rancher +1 · Rancher +1

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.7.16 Rancher versions prior to 2.8.9 Rancher versions prior to 2.9.3 Description: A vulnerability has been identified in Rancher where a cluster or node driver can be used to escape the chroot jail and gain root...

USN-7046-1: Flatpak and Bubblewrap vulnerability

It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix...

SUSE-SU-2024:3151-1 Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.4: Bump to Buildah v1.35.4 CVE-2024-3727 updates bsc1224117 integration test: handle new labels in 'bud and test --unsetlabel' Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3:...

[SECURITY] Fedora 40 Update: darkhttpd-1.16-1.fc40

darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...

CBL Mariner 2.0 Security Update: coreutils (CVE-2016-2781)

The version of coreutils installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-2781 advisory. - chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via...

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

RHEL 6 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: memory corruption flaw in parsedatetime CVE-2014-9471 - coreutils: Non-privileged session can...

RHEL 7 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: memory corruption flaw in parsedatetime CVE-2014-9471 - coreutils: Non-privileged session can...

RHEL 7 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...

RHEL 6 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...