Lucene search
+L

385 matches found

RedHat Linux
RedHat Linux
added 2016/09/12 7:54 p.m.4 views

libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...

7.5CVSS5.8AI score0.04707EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/09/12 7:54 p.m.49 views

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS6.8AI score0.11992EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2016/09/12 5:34 p.m.34 views

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1 security update

An update for Red Hat OpenShift Enterprise 3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS7.1AI score0.04707EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2016/09/12 5:34 p.m.127 views

libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...

7.5CVSS5.8AI score0.04707EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/09/12 5:33 p.m.116 views

libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...

7.5CVSS5.8AI score0.04707EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2016/09/12 3:18 p.m.24 views

CVE-2016-5418

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...

7.5CVSS1.5AI score0.04707EPSS
Exploits1References2
OSV
OSV
added 2016/08/06 8:59 p.m.5 views

DEBIAN-CVE-2016-6198

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service system crash via a rename system call, related to fs/namei.c and fs/open.c...

5.5CVSS7AI score0.00613EPSS
Exploits1References1
OSV
OSV
added 2016/08/06 8:59 p.m.3 views

DEBIAN-CVE-2016-6197

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service system crash via a rename system call that...

5.5CVSS7.7AI score0.00486EPSS
Exploits0References1
OSV
OSV
added 2016/08/06 8:59 p.m.11 views

UBUNTU-CVE-2016-6198

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service system crash via a rename system call, related to fs/namei.c and fs/open.c...

5.5CVSS6.7AI score0.00613EPSS
Exploits1References4
OSV
OSV
added 2016/08/06 12:0 a.m.6 views

UBUNTU-CVE-2016-6197

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service system crash via a rename system call that...

5.5CVSS6.7AI score0.00486EPSS
Exploits0References8
Hacker One
Hacker One
added 2016/05/28 2:20 p.m.34 views

GlassWire: Bypass GlassWire's monitoring of Hosts file

Product version: 1.2.64beta OS version: Windows 8.1 Enterprise x86 If a program modifies the Hosts file C:\Windows\System32\drivers\etc\hosts, GlassWire notifies the user that "system file changed" with the path of the hosts file see attachment "screenshothostschanged.png". I discover that a...

2.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.32 views

Fedora 22 : opensmtpd-5.7.3p1-1.fc22 (2015-fd133d52cc)

"Issues fixed in this release since 5.7.2: - fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda; - fix remote buffer overflow in unprivileged pony process; - reworked offline enqueue to...

9.8CVSS9.1AI score0.04094EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.26 views

Fedora 23 : opensmtpd-5.7.3p1-1.fc23 (2015-ed1c673f09)

"Issues fixed in this release since 5.7.2: - fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda; - fix remote buffer overflow in unprivileged pony process; - reworked offline enqueue to...

9.8CVSS9.1AI score0.04094EPSS
Exploits1References10
exploitpack
exploitpack
added 2015/12/02 12:0 a.m.33 views

Man-db 2.6.7.1 - Local Privilege Escalation

Man-db 2.6.7.1 - Local Privilege Escalation / EDB Note: man:man - man:root http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root - root:root http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2015/10/26 12:0 a.m.57 views

MacOS X 10.11 Hardlink Resource Exhaustion

/ MacOS X 10.11 hardlink bomb cause resource exhaustion Avast PoC Credit: Maksymilian Arciemowicz CXSECURITY Website: http://cxsecurity.com/ http://cert.cx/ Affected software: - Commands such as: zip, tar, find - AntiVirus: Avast, Eset32 Let's back to an old bug, which Apple does not patch until...

7.2CVSS9.6AI score0.0084EPSS
Exploits18
ArchLinux
ArchLinux
added 2015/10/08 12:0 a.m.27 views

opensmtpd: multiple issues

an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute...

9.7AI score0.04094EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2015/10/05 12:0 a.m.39 views

FreeBSD : OpenSMTPD -- multiple vulnerabilities (ee7bdf7f-11bb-4eea-b054-c692ab848c20)

OpenSMTPD developers report : an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...

9.8CVSS9.2AI score0.04094EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2015/10/04 12:0 a.m.15 views

OpenSMTPD -- multiple vulnerabilities

OpenSMTPD developers report: fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda fix remote buffer overflow in unprivileged pony process reworked offline enqueue to better protect against...

4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2015/10/02 12:0 a.m.28 views

OpenSMTPD -- multiple vulnerabilities

OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...

9.8CVSS9.8AI score0.04094EPSS
Exploits1References1
seebug.org
seebug.org
added 2015/09/18 12:0 a.m.22 views

Mozilla Maintenance Service Log File Overwrite Elevation of Privilege

Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege Summary: The maintenance service creates a log file in a use...

7AI score
Exploits0
Rows per page
Query Builder