https://security-tracker.debian.org/tracker/DSA-5726-1
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Принтер да Сканер нет Копир да Факс опционально Тип печати монохромная лазерная Формат A3 Двусторонняя печать да Автоподатчик опционально Емкость лотка подачи бумаги 1100 листов Скорость печати (А4, ч/б) 26 стр/мин Интерфейс… Sharp AR-5726 Принтер да Сканер нет Копир да Факс…
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Vavle) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Vavle) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety…