12 matches found
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
Impact: In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands...
USN-6565-1: OpenSSH vulnerabilities
It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS...
A flaw in OpenSSH helper programs could lead to local privilege escalation
A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...
USN-5666-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to achieve arbitrary code execution...
USN-5666-1 openssh vulnerability
It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to achieve arbitrary code execution...
Updated openssh packages fix security vulnerability
Updated openssh packages fix security vulnerability: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and...
openSUSE 15 Security Update : openssh (openSUSE-SU-2021:3950-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3950-1 advisory. - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental...
OpenSSH 6.2 < 8.8
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...
Directory traversal
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where some credential is leaked but...
CVE-2020-11008
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where some credential is leaked but...
Ubuntu Update for util-linux vulnerability USN-533-1
Ubuntu Update for Linux kernel vulnerabilities USN-533-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5331.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for util-linux vulnerability USN-533-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
CVE-2005-1335
Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."...