91 matches found
RLSA-2023:0099 Moderate: virt:rhel and virt-devel:rhel security and bug fix update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...
openSUSE 15 Security Update : firejail (openSUSE-SU-2022:10015-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10015-1 advisory. - A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the...
Privilege Escalation
firejail is vulnerable to privilege escalation. The vulnerability exists due to a Privilege Context Switching issue allowing an attacker to craft a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target allowing a local attacker can enter an environment in...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
Design/Logic Flaw
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
Photon OS 1.0: Docker PHSA-2021-1.0-0439
An update of the docker package has been released. - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission...
Design/Logic Flaw
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...
Design/Logic Flaw
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...
CVE-2021-34204
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...
CVE-2020-2016
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting anothe...
Race condition
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting anothe...
PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting anothe...
EulerOS Virtualization for ARM 64 3.0.2.0 : libmirage (EulerOS-SA-2020-1565)
According to the versions of the libmirage package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.CVE-2019-15757 -...
CVE-2019-7656
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...
Privilege escalation
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...
CVE-2019-7656
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...