29 matches found
EUVD-2018-4522
Malware in sbrugna...
The vulnerability of the MobileStorageMounter component for operating systems such as tvOS, iOS, iPadOS, and watchOS allows attackers to escalate their privileges.
The vulnerability of the MobileStorageMounter component for operating systems such as tvOS, iOS, iPadOS, and watchOS is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
SUSE CVE-2018-12559
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp mpOk is insufficient. A regular user can consequently mount a CIFS filesystem anywhere e.g., outside of the /home directory tree by passing directory traversal sequenc...
SUSE CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...
SUSE CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
SUSE CVE-2018-12560
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...
Fedora: Security Advisory for gnome-disk-utility (FEDORA-2021-303f6623fa)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2012-3409
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation...
[SECURITY] Fedora 30 Update: gnome-disk-utility-3.32.1-2.fc30
This package contains the Disks and Disk Image Mounter applications. Disks supports partitioning, file system creation, encryption, fstab/crypttab editing, ATA SMART and other features...
Directory traversal
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp mpOk is insufficient. A regular user can consequently mount a CIFS filesystem anywhere e.g., outside of the /home directory tree by passing directory traversal sequenc...
DEBIAN-CVE-2018-12559
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp mpOk is insufficient. A regular user can consequently mount a CIFS filesystem anywhere e.g., outside of the /home directory tree by passing directory traversal sequenc...
CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
Code injection
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12559
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp mpOk is insufficient. A regular user can consequently mount a CIFS filesystem anywhere e.g., outside of the /home directory tree by passing directory traversal sequenc...
DEBIAN-CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12560
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...
DEBIAN-CVE-2018-12560
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...
DEBIAN-CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...