Lucene search
K

8 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2018-0314)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.6AI score0.02068EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.16 views

Fedora 28 : cantata (2018-d1f6c8957f)

Latest upstream release, omits some mounting code found to be insecure and not well tested. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possib...

9.8CVSS7.1AI score0.02068EPSS
Exploits0References5
Mageia
Mageia
added 2018/07/13 7:1 p.m.53 views

Updated cantata packages fix security vulnerability

The mount target path check in mounter.cpp 'mpOk' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components CVE-2018-12559. Arbitrary unmounts can be performed by regular users the same way CVE-2018-12560. A regul...

9.8CVSS1.6AI score0.02068EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/07/09 12:0 a.m.21 views

Fedora 27 : cantata (2018-9296823b6c)

Latest upstream release, omits some mounting code found to be insecure and not well tested. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possib...

9.8CVSS7.1AI score0.02068EPSS
Exploits0References5
ArchLinux
ArchLinux
added 2018/06/20 12:0 a.m.27 views

[ASA-201806-12] cantata: multiple issues

Arch Linux Security Advisory ASA-201806-12 ========================================== Severity: High Date : 2018-06-20 CVE-ID : CVE-2018-12559 CVE-2018-12560 CVE-2018-12561 CVE-2018-12562 Package : cantata Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-721 Summary...

9.8CVSS1.1AI score0.02068EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2018/06/19 5:29 a.m.24 views

CVE-2018-12562

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...

9.8CVSS7.2AI score0.01661EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/06/19 5:0 a.m.28 views

CVE-2018-12562

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...

9.4AI score0.01661EPSS
Exploits0References2
CVE
CVE
added 2018/06/19 5:0 a.m.50 views

CVE-2018-12562

Cantata (Cantata mounter D-Bus service) up to version 2.3.1 is affected by CVE-2018-12562 due to the wrapper script mount.cifs.wrapper using the shell to forward arguments to mount.cifs, allowing wildcard expansion and potential argument manipulation. The Mageia advisory notes this alongside CVEs...

9.8CVSS9.2AI score0.01661EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder