1024 matches found
go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...
CVE-2022-28657
Apport does not disable python crash handler before entering chroot...
RHEL 7 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: memory corruption flaw in parsedatetime CVE-2014-9471 - coreutils: Non-privileged session can...
RHEL 6 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: memory corruption flaw in parsedatetime CVE-2014-9471 - coreutils: Non-privileged session can...
RHEL 7 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...
RHEL 6 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...
An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
...
ROS-20240410-22
A vulnerability in Mock, the chroot build environment manager for creating RPM packages, is related to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 SSH Backdoor Container Env This is an environme...
A vulnerability in Mock, the chroot environment manager used for creating RPM packages, allows arbitrary code execution due to insufficient input validation.
A vulnerability in Mock, the chroot environment manager used for creating RPM packages, is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
DEBIAN-CVE-2023-49569
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
PT-2024-13749
Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5.11. Description: A path traversal vulnerability was discovered in go-git, allowing an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved...
Rocky Linux 8 : container-tools:2.0 (RLSA-2021:4221)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4221 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...
Rocky Linux 8 : container-tools:3.0 (RLSA-2021:4222)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4222 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...
SUSE CVE-2015-3315
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt//maps, (2) /tmp/jvm-/hserror.log, (3) /proc//exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory relate...
GLSA-202309-12 : sudo: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202309-12 sudo: Multiple Vulnerabilities - Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVE-2023-27320 - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo...