Code injection

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service libvirtd crash by triggering a failed unlink after creating a volume on a rootsquash NFS pool...

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...

CVE-2009-1072

CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...

Cross site scripting

The NFS client implementation in the kernel in Red Hat Enterprise Linux RHEL 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfspermission mode bits data rather than an NFS ACCESS call to the server, which allows local client processes to...

CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux RHEL 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfspermission mode bits data rather than an NFS ACCESS call to the server, which allows local client processes to...