
1024 matches found

OSV
added 2020/04/14 2:15 a.m. | 5 views

CVE-2019-11480

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a...

CVSS 8.1 | AI score 7.2 | EPSS 0.00507
Exploits: 1 | References: 2
Prion
added 2020/04/14 2:15 a.m. | 17 views

Hardcoded credentials

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a...

CVSS 6.8 | AI score 7.9 | EPSS 0.00507
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2020/04/10 1:07 a.m. | 14 views

Restriction Bypass

The libcap package is vulnerable to restrictions bypass. The capsh did not change into the new root when using the "--chroot" option. An application started via the "capsh --chroot" command could use this flaw to escape the chroot restrictions...

CVSS 4.6 | AI score 2.3 | EPSS 0.00379
Exploits: 0 | References: 5 | Affected Software: 1
Oracle linux
added 2020/02/17 12:00 a.m. | 290 views

container-tools:ol8 security, bug fix, and enhancement update

buildah 1.11.6-4.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-4 - compile in FIPS mode - Related: RHELPLAN-25138 1.11.6-3 - be sure to use golang = 1.12.12-4 - Related: RHELPLAN-25138 1.11.6-2 - fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints - bug...

CVSS 9.3 | AI score 8.2 | EPSS 0.9589
Exploits: 38
Fedora
added 2020/02/08 2:03 a.m. | 26 views

[SECURITY] Fedora 31 Update: pure-ftpd-1.0.49-3.fc31

Pure-FTPd is a fast, production-quality, standard-conformant FTP server, based upon Troll-FTPd. Unlike other popular FTP servers, it has no known security flaw, it is really trivial to set up and it is especially designed for modern Linux and FreeBSD kernels setfsuid, sendfile, capabilities...

CVSS 7.5 | AI score 0.5 | EPSS 0.04365
Exploits: 0
OpenVAS
added 2020/01/23 12:00 a.m. | 19 views

Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2019-1754)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.2 | AI score 5.8 | EPSS 0.00696
Exploits: 0 | References: 2
OSV
added 2020/01/22 7:15 p.m. | 14 views

CVE-2020-5221

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath. This has been fixed in versio...

CVSS 7.2 | AI score 7.3
Exploits: 0 | References: 2
NVD
added 2020/01/22 7:15 p.m. | 16 views

CVE-2020-5221

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath. This has been fixed in versio...

CVSS 7.2 | AI score 6.9 | EPSS 0.01162
Exploits: 1 | References: 2
Prion
added 2020/01/22 7:15 p.m. | 14 views

Directory traversal

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath. This has been fixed in versio...

CVSS 6.4 | AI score 7.2 | EPSS 0.01162
Exploits: 1 | References: 2 | Affected Software: 1
0day.today
added 2020/01/04 12:00 a.m. | 345 views

FreeBSD ftpd Remote Root Exploit

needs user account inside a chroot. ''' example reverse shells: [email protected] / uname -a;id; uname -a;id; FreeBSD r00tbox 10.0-RELEASE FreeBSD 10.0-RELEASE 0 r260789: Thu Jan 16 22:34:59 UTC 2014 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 uid=0root gid=0wheel groups=0wheel...

AI score 0.7
Exploits: 0
OpenVAS
added 2019/12/30 12:00 a.m. | 30 views

Dovecot 2.0.x < 2.0.13 Directory Traversal Vulnerability

Dovecot is prone to a directory traversal vulnerability. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVSS 6.5 | AI score 5.3 | EPSS 0.02206
Exploits: 0 | References: 1
Symantec
added 2019/12/10 12:00 a.m. | 29 views

SAP Business Objects Business Intelligence Platform CVE-2019-0395 Cross Site Scripting Vulnerability

Description SAP BusinessObjects Business Intelligence Platform is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...

AI score 0.4 | EPSS 0.00733
Exploits: 0 | References: 1 | Affected Software: 1
Oracle linux
added 2019/11/14 12:00 a.m. | 50 views

bind security and bug fix update

32:9.11.4-26.P2 - Permit explicit disabling of RSAMD5 in FIPS mode 1737407 32:9.11.4-25.P2 - Fix CVE-2018-5745 - Fix CVE-2019-6465 32:9.11.4-24.P2 - Do not override random numbers provider in DHCP 1668682 32:9.11.4-23.P2 - Report errors on invalid IDN 2008 names 1679307 32:9.11.4-22.P2 - Fix...

CVSS 5.9 | AI score 2.3 | EPSS 0.04577
Exploits: 0
NVD
added 2019/11/08 4:15 p.m. | 13 views

CVE-2013-1889

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot...

CVSS 7.5 | AI score 7.6 | EPSS 0.02165
Exploits: 0 | References: 4
Prion
added 2019/11/08 4:15 p.m. | 13 views

Design/Logic Flaw

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot...

CVSS 5 | AI score 7.3 | EPSS 0.02165
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2019/11/08 4:15 p.m. | 31 views

CVE-2013-1889

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot...

CVSS 7.5 | AI score 7.1 | EPSS 0.02165
Exploits: 0 | References: 2
OSV
added 2019/11/08 4:15 p.m. | 1 views

UBUNTU-CVE-2013-1889

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot...

CVSS 7.5 | AI score 7.2 | EPSS 0.02165
Exploits: 0 | References: 3
Cvelist
added 2019/11/08 3:07 p.m. | 16 views

CVE-2013-1889

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot...

AI score 7.6 | EPSS 0.02165
Exploits: 0 | References: 4
Debian CVE
added 2019/11/08 3:07 p.m. | 11 views

CVE-2013-1889

Removed by vendor...

CVSS 7.5 | AI score 7.7 | EPSS 0.02165
Exploits: 0
Amazon
added 2019/10/28 12:00 a.m. | 23 views

Medium: sssd

Issue Overview: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. CVE-2018-16838 A vulnerability was found in sss...

CVSS 5.5 | AI score 5.6 | EPSS 0.01122
Exploits: 0