19 matches found
GO-2025-4100 containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd
containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd...
CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
EUVD-2014-0096
Malware in sbrugna...
Rakuraku PC Cloud Agent 安全漏洞
Rakuraku PC Cloud Agent is a cloud environment client. A security vulnerability exists in SS1 Ver.13.0.0.40 and earlier versions, Rakuraku PC Cloud Agent Ver.2.1.8 and earlier versions, which stems from incorrect access control. An attacker could use this vulnerability to bypass access restrictio...
SUSE CVE-2019-12439
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDGRUNTIMEDIR, a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code...
Cisco Webex Teams Windows Client DLL Hijacking Vulnerability
Cisco Webex Teams is a comprehensive communications application designed to provide you with all the necessary tools and the right environment to enhance team collaboration. A DLL hijacking vulnerability exists in the loading mechanism of specific DLLs in Cisco Webex Teams Windows clients...
OPENSUSE-SU-2020:1564-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser bsc1176315 - Fixed various issues discovered by fuzzing: - Made handling of XDGRUNTIMEDIR more secure bsc1172515: This update was imported from the SUSE:SLE-15-SP2:Update update proje...
SUSE-SU-2020:2751-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser bsc1176315 - Made handling of XDGRUNTIMEDIR more secure bsc1172515...
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR) a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
...
bubblewrap: temporary directory misuse as mount point
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDGRUNTIMEDIR, a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code...
DEBIAN-CVE-2019-12439
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDGRUNTIMEDIR, a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code...
UBUNTU-CVE-2019-12439
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDGRUNTIMEDIR, a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code...
UBUNTU-CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
Directory traversal
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
DEBIAN-CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
PYSEC-2014-95
Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...