sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

SSSD 操作系统命令注入漏洞

SSSD is a daemon that provides access to local or remote identity and authentication resources. SSSD suffers from an operating system command injection vulnerability that stems from a flaw found in SSSD where the ssssctl command can easily inject shell commands via the log -fetch and cache-expire...

UBUNTU-CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR

Summary There is vulnerability in npm which affects IBM VM Recovery Manager DR Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module could allow a remote attacker to obtain sensitive information, caused by the storing of user credentials in the log file. B...

CVE-2021-29657

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

Race condition

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

PDF2JSON XRef::fetch Denial of Service Vulnerability

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the XRef::fetch function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...

CVE-2020-19464

An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

CVE-2020-19464

An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

PDF2JSON 缓冲区错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the XRef::fetch function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...

PT-2021-10349 · Pdf2Json · Pdf2Json

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to a stack overflow in the XRef::fetch function, allowing attackers to cause a Denial of Service. Recommendations: For PDF2JSON version 0.70, consider disabling the XRef::fetch function ...

PT-2021-3682 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to a lack of protection against SQL injection attacks. This could allow a remote attacker to execute arbitrary code by sending specially crafted SQL queries. The problem...

The vulnerability of the fetch_interval_quantifier function in the Oniguruma library, related to reading data beyond the allowable buffer size, allows a hacker to trigger a service failure.

The vulnerability of the fetchintervalquantifier function in the Oniguruma library relates to reading data beyond the allowable buffer size. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2021-32972

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...

PT-2021-7962 · Sssd +10 · Sssd +10

Name of the Vulnerable Software and Affected Versions: SSSD affected versions not specified Description: The issue is related to the sssctl command in the SSSD service, which lacks input sanitization measures. This allows a remote attacker to exploit the vulnerability, potentially gaining access ...

Nextcloud: ApiService#fetch serves content as text/html and inline Content-Disposition

https://github.com/nextcloud/text/blame/0bc7c3300607d57ee512dbf61497daec23961a12/lib/Service/ApiService.phpL109-L120 Impact XSS...

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2019:14124-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14124-1 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable...

SUSE: Security Advisory (SUSE-SU-2015:2025-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...