CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial’s path-checking logic and write files outside a repository.
Source: CVE-2019-3902
CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial’s path-checking logic and write files outside a repository.
Source: CVE-2019-3902
CVE-2016-1584
In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.
Source: CVE-2016-1584
CVE-2016-1579
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
Source: CVE-2016-1579
CVE-2016-1586
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
Source: CVE-2016-1586
CVE-2016-1585
In all versions of AppArmor mount rules are accidentally widened when compiled.
Source: CVE-2016-1585
CVE-2019-3899
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
Source: CVE-2019-3899
CVE-2016-1587
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system.
Source: CVE-2016-1587
CVE-2019-6155
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
Source: CVE-2019-6155
CVE-2019-11454
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
Source: CVE-2019-11454
CVE-2019-3901
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
Source: CVE-2019-3901