22 matches found
Client-Side Enforcement of Server-Side Security
Overview jupyterlab is a JupyterLab computational environment. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security via improper enforcement of the `allowed_extensions_uris`. An attacker can gain unauthorized access to install unapproved extensions by...
MiracleLinux 7 : openssh-7.4p1-16.el7 (AXSA:2018-2845:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2845:01 advisory. openssh: Improper write operations in readonly mode allow for zero-length file creation CVE-2017-15906 Tenable has extracted the preceding description block...
TencentOS Server 2: openssh (TSSA-2023:0327)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0327 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
EUVD-2017-7325
Malware in sbrugna...
CVE-2024-47690 f2fs: get rid of online repaire on corrupted directory
In the Linux kernel, the following vulnerability has been resolved: f2fs: get rid of online repaire on corrupted directory syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704...
SUSE CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
libvirt: virsh domhostname command discloses guest hostname in readonly mode
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block...
SUSE-SU-2019:1285-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode bsc1131595...
EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1141)
According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attacker...
openssh: Improper write operations in readonly mode allow for zero-length file creation
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
BSA-2018-538
Security Advisory ID : BSA-2018-538 Component : OpenSSH Revision : 2.0: Final The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Affected Products Security updates have be...
Updated openssh packages fix security vulnerability
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
DEBIAN-CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
ALPINE-CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
CVE-2017-15906
OpenSSH sftp-server.c contains a write-blocking flaw in readonly mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...
CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
UBUNTU-CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...