
11 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/9p: Fixed the issue of NULL pointer dereferencing when using mkdir. When a 9p tree was mounted with the posixacl option, the parent directory had a default ACL set for its subdirectories. For example: setfacl -m...

5.5 CVSS | 6.2 AI score | 0.00017 EPSS
Exploits 0 | References 2

Github Security Blog
added 2026/04/24 3:41 p.m. | 6 views

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a...

9.1 CVSS | 5.6 AI score | 0.00054 EPSS
Exploits 1 | References 4 | Affected Software 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-17947

Malware in sbrugna...

5.5 CVSS | 5.1 AI score | 0.00111 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/05/22 1:8 p.m. | 3 views

CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

5.5 CVSS | 7.2 AI score | 0.00111 EPSS
Exploits 0 | References 1

OSV
added 2024/05/21 3:15 p.m. | 0 views

UBUNTU-CVE-2021-47320

In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create and nfs3_proc_mknod error paths are possibly leaked. Fix them in advance...

5.5 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 0 | References 14

Symantec
added 2020/01/14 12:0 a.m. | 116 views

Oracle Database Server CVE-2020-2510 Remote Security Vulnerability

Description Oracle Database Server is prone to a remote security vulnerability. The vulnerability can be exploited over the 'OracleNet' protocol. The 'Core RDBMS' component is affected. This vulnerability affects the following supported versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c...

1.2 AI score | 0.02116 EPSS
Exploits 0 | References 1 | Affected Software 1

Symantec
added 2020/01/14 12:0 a.m. | 18 views

Oracle Hospitality OPERA 5 CVE-2020-2677 Remote Security Vulnerability

Description Oracle Hospitality OPERA 5 is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Login' component is affected. This vulnerability affects the following supported versions: 5.5, 5.6 Technologies Affected Oracle Hospitality OPERA ...

0.6 AI score | 0.0057 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/06/07 3:29 p.m. | 6 views

Design/Logic Flaw

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

5.5 CVSS | 5.3 AI score | 0.00111 EPSS
Exploits 0 | References 2 | Affected Software 2

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 Server Operator to Administrator Privilege Escalation: System Key Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/182/info The default ACL over the HKEYLocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key System value includes an entry for Server Operators:Special. The Special setting allows Server Ops to Set this...

7.1 AI score
Exploits 0

seebug.org
added 2007/08/21 12:0 a.m. | 44 views

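Multiple Local Privilege Escalation Vulnerabilities in ZoneAlarm Products

BUGTRAQ ID: 25365 CVECAN ID: CVE-2007-4216,CVE-2005-2932 ZoneAlarm is a personal computer firewall that protects personal data and privacy. Multiple security vulnerabilities exist in the implementation and installation of ZoneAlarm, and a local attacker may exploit them to elevate privileges. The IOCTL handling code of the vsdatant.sys device driver in ZoneAlarm products fails to validate what is passed to IOCTL 0x8400000F and IOCTL...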

7.2 CVSS | 6.4 AI score | 0.00061 EPSS
Exploits 1

OSV
added 2007/07/24 5:30 p.m. | 1 views

DEBIAN-CVE-2007-2925

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...

5.8 CVSS | 7 AI score | 0.02207 EPSS
Exploits 0 | References 1