Lucene search
K

6 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the implementation of the QEMU virtio-fs shared file system daemon virtiofsd. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in directories shared by virtio-fs, with unintended group ownership. This occurs in a scenario where a...

7.8CVSS7.1AI score0.00332EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/08/05 7:0 a.m.7 views

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

...

7.8CVSS8.4AI score0.0101EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.5 views

SUSE CVE-2008-4210

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable...

4.6CVSS6.8AI score0.02141EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2022/05/10 1:43 p.m.9 views

kernel: security regression for CVE-2018-13405

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

7.8CVSS6.8AI score0.0101EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-679-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.7AI score0.0368EPSS
Exploits7References2
Ubuntu
Ubuntu
added 2008/11/27 5:43 p.m.78 views

USN-679-1: Linux kernel vulnerabilities

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...

7.8CVSS7.1AI score0.0368EPSS
Exploits7
Rows per page
Query Builder