sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

UBUNTU-CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

SSSD 操作系统命令注入漏洞

SSSD is a daemon that provides access to local or remote identity and authentication resources. SSSD suffers from an operating system command injection vulnerability that stems from a flaw found in SSSD where the ssssctl command can easily inject shell commands via the log -fetch and cache-expire...

Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR

Summary There is vulnerability in npm which affects IBM VM Recovery Manager DR Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module could allow a remote attacker to obtain sensitive information, caused by the storing of user credentials in the log file. B...

CVE-2021-29657

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

Race condition

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

PDF2JSON XRef::fetch Denial of Service Vulnerability

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the XRef::fetch function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...

CVE-2020-19464

An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

CVE-2020-19464

An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

PT-2021-10349 · Pdf2Json · Pdf2Json

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to a stack overflow in the XRef::fetch function, allowing attackers to cause a Denial of Service. Recommendations: For PDF2JSON version 0.70, consider disabling the XRef::fetch function ...

PDF2JSON 缓冲区错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the XRef::fetch function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...

PT-2021-3682 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to a lack of protection against SQL injection attacks. This could allow a remote attacker to execute arbitrary code by sending specially crafted SQL queries. The problem...

CVE-2021-32972

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...

PT-2021-7962 · Sssd +10 · Sssd +10

Name of the Vulnerable Software and Affected Versions: SSSD affected versions not specified Description: The issue is related to the sssctl command in the SSSD service, which lacks input sanitization measures. This allows a remote attacker to exploit the vulnerability, potentially gaining access ...

Nextcloud: ApiService#fetch serves content as text/html and inline Content-Disposition

https://github.com/nextcloud/text/blame/0bc7c3300607d57ee512dbf61497daec23961a12/lib/Service/ApiService.phpL109-L120 Impact XSS...

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2019:14124-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14124-1 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable...

SUSE: Security Advisory (SUSE-SU-2015:2025-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Repository index file allows for duplicates of the same chart entry in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs...

JetBrains IntelliJ IDEA Local Code Execution Vulnerability

Jetbrains JetBrains IntelliJ IDEA is a Czech JetBrains integrated development environment for the Java language . A local code execution vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2020.3.3. The vulnerability stems from an insufficient check when the VCS fetches the project...