Lucene search
K

66 matches found

osv
osv
added 2021/08/03 1:32 a.m.7 views

UVI-2021-1001169 scsi: target: Fix NULL dereference on XCOPY completion

scsi: target: Fix NULL dereference on XCOPY completion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.6 by commit...

7.2AI score
Exploits0
bdu_fstec
bdu_fstec
added 2021/05/19 12:0 a.m.7 views

The vulnerability in the drivers/target/target_core_xcopy.c file of the Linux operating system allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the drivers/target/targetcorexcopy.c in the Linux operating system is related to incorrect pathname restrictions for directories with restricted access. Exploiting this vulnerability allows an attacker, acting remotely, to gain access to read, modify, add, or delete data usin...

8.5CVSS6.4AI score0.06563EPSS
Exploits0References50Affected Software6
veracode
veracode
added 2021/05/07 11:56 a.m.33 views

Directory Traversal

tcmu-runner is vulnerable to directory traversal. A remote attacker is able to read or write files to an arbitrary location on the file system in an XCOPY request...

8.1CVSS4.9AI score0.02649EPSS
Exploits0References9Affected Software1
nessus
nessus
added 2021/03/23 12:0 a.m.56 views

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerability (USN-4753-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4753-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker wi...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
osv
osv
added 2021/03/05 11:2 a.m.9 views

OESA-2021-1087 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY reques...

9.8CVSS6.7AI score0.06563EPSS
Exploits5References15
ubuntu
ubuntu
added 2021/02/25 7:1 a.m.162 views

USN-4753-1: Linux kernel (OEM) vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
osv
osv
added 2021/02/10 1:17 a.m.4 views

USN-4713-2 linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3 vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
ubuntu
ubuntu
added 2021/02/10 1:17 a.m.157 views

USN-4713-2: Linux kernel vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
ubuntu
ubuntu
added 2021/02/05 1:4 a.m.166 views

USN-4711-1: Linux kernel vulnerabilities

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.4AI score0.06563EPSS
Exploits0
osv
osv
added 2021/02/05 1:4 a.m.8 views

USN-4711-1 linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References3
nessus
nessus
added 2021/02/04 12:0 a.m.32 views

Fedora 33 : tcmu-runner (2021-4a91649cf3)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-4a91649cf3 advisory. - In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
ubuntu
ubuntu
added 2021/02/02 7:23 a.m.306 views

USN-4709-1: Linux kernel vulnerabilities

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

9.3CVSS6.9AI score0.06563EPSS
Exploits3
osv
osv
added 2021/02/02 6:17 a.m.7 views

USN-4713-1 linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
ubuntu
ubuntu
added 2021/02/02 6:17 a.m.241 views

USN-4713-1: Linux kernel vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
openvas
openvas
added 2021/01/29 12:0 a.m.28 views

Ubuntu: Security Advisory (USN-4709-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.4AI score0.06563EPSS
Exploits3References2
openvas
openvas
added 2021/01/29 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-4713-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.3AI score0.06563EPSS
Exploits0References2
ubuntu
ubuntu
added 2021/01/28 1:41 p.m.131 views

USN-4707-1: TCMU vulnerability

It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...

8.1CVSS7.8AI score0.02649EPSS
Exploits0
nessus
nessus
added 2021/01/28 12:0 a.m.48 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4711-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4711-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY...

8.1CVSS6.6AI score0.06563EPSS
Exploits0References3
nessus
nessus
added 2021/01/28 12:0 a.m.52 views

Ubuntu 20.04 LTS : TCMU vulnerability (USN-4707-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4707-1 advisory. It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY...

8.1CVSS7.8AI score0.02649EPSS
Exploits0References2
nessus
nessus
added 2021/01/28 12:0 a.m.69 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerability (USN-4713-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4713-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An...

8.1CVSS6.8AI score0.06563EPSS
Exploits0References2
Rows per page
Query Builder