Lucene search

1649 matches found

RedHat Linux
added 2024/01/30 1:32 p.m. · 5 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

CVSS 9.8 · AI score 6.7 · EPSS 0.27095
Exploits 3 · References 4

Tenable Nessus
added 2024/01/09 12:0 a.m. · 36 views

SUSE SLED15: eclipse-jgit / jgit / jgit-javadoc / jsch / jsch-demo / etc (SUSE-SU-2024:0057-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0057-1 advisory. Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a special...

CVSS 8.8 · AI score 7.4 · EPSS 0.01884
Exploits 0 · References 6

OSV
added 2024/01/08 8:36 a.m. · 7 views

SUSE-SU-2024:0057-1 Security update for eclipse-jgit, jsch

This update for eclipse-jgit, jsch fixes the following issues: Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. bsc1215298 Other fixes: jsch was updated to version 0.2.9: - Added...

CVSS 8.8 · AI score 8.7 · EPSS 0.01884
Exploits 0 · References 5

OSV
added 2023/12/29 11:6 a.m. · 3 views

OESA-2023-1995 jgit security update

A pure Java implementation of the Git version control system and command line interface. Security Fixes: Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file...

CVSS 8.8 · AI score 9.7 · EPSS 0.01884
Exploits 0 · References 2

Positive Technologies
added 2023/11/20 12:0 a.m. · 4 views

PT-2023-32553 · Nessus · Nessus

Name of the Vulnerable Software and Affected Versions: Nessus affected versions not specified Description: An issue exists where an authenticated attacker with privileges on the managing application could alter variables to overwrite arbitrary files on the remote host, potentially leading to a...

CVSS 6.8 · AI score 6.5 · EPSS 0.00826
Exploits 0 · References 2

CNNVD
added 2023/11/17 12:0 a.m. · 4 views

Nessus Buffer Error Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus 10.6.2 and earlier versions that originated from a vulnerability that allows an attacker with administrator privileges to change Nessus rule...

CVSS 6.8 · AI score 6.7 · EPSS 0.01034
Exploits 0 · References 5

RedHat Linux
added 2023/11/07 8:43 a.m. · 9 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

CVSS 9.8 · AI score 6.7 · EPSS 0.27095
Exploits 3 · References 4

Tenable Nessus
added 2023/11/06 12:0 a.m. · 32 views

Rocky Linux 8 : nodejs:10 (RLSA-2020:0579)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0579 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...

CVSS 9.8 · AI score 7.4 · EPSS 0.57132
Exploits 2 · References 13

OSV
added 2023/11/03 4:15 a.m. · 3 views

UBUNTU-CVE-2020-28407

In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall...

CVSS 7.1 · AI score 7.2 · EPSS 0.00279
Exploits 0 · References 2

Debian
added 2023/10/31 8:45 p.m. · 18 views

[SECURITY] [DLA 3643-1] pmix security update

Debian LTS Advisory DLA-3643-1 · https://www.debian.org/lts/security/ · Chris Lamb · October 31, 2023 · https://wiki.debian.org/LTS ...

CVSS 8.1 · AI score 8.2 · EPSS 0.01121
Exploits 0

Tenable Nessus
added 2023/10/20 12:0 a.m. · 12 views

Ubuntu 16.04 ESM : fstream vulnerability (USN-4863-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4863-1 advisory. It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS 7.5 · AI score 8.3 · EPSS 0.02416
Exploits 0 · References 2

Veracode
added 2023/10/19 7:55 a.m. · 643 views

Directory Traversal

Python is vulnerable to a directory traversal attack. The vulnerability is due to the extract and extractall functions in the tarfile module, which allow an attacker to overwrite arbitrary files via a dot-dot (..) sequence. The vulnerability results in an arbitrary file overwrite...

CVSS 9.8 · AI score 7.1 · EPSS 0.27095
Exploits 3 · References 14 · Affected Software 1

Veracode
added 2023/10/09 1:55 p.m. · 23 views

Arbitrary File Overwrite

ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems...

CVSS 6.3 · AI score 7.1 · EPSS 0.00859
Exploits 0 · References 6 · Affected Software 1

Veracode
added 2023/09/29 8:48 a.m. · 16 views

Arbitrary File Overwrite

github.com/schollz/croc is vulnerable to Arbitrary File Overwrite. The vulnerability is due to the Croc protocol allowing a sender to specify an arbitrary path for the file transfer, which lacks validation to check if the file path will overwrite an existing file on the client side. An attacker c...

CVSS 5.5 · AI score 6.9 · EPSS 0.00368
Exploits 1 · References 5 · Affected Software 2

Vulnrichment
added 2023/09/26 8:14 p.m. · 10 views

CVE-2023-40452

The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files...

AI score 5.8 · EPSS 0.00366
Exploits 0 · References 12

Cvelist
added 2023/09/26 8:14 p.m. · 23 views

CVE-2023-40452

The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files...

AI score 6.8 · EPSS 0.00366
Exploits 0 · References 12

Veracode
added 2023/09/21 11:12 a.m. · 66 views

Arbitrary File Overwrite

org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...

CVSS 8.8 · AI score 6.8 · EPSS 0.01884
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2023/09/18 3:30 p.m. · 39 views

Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.8 · EPSS 0.01884
Exploits 0 · References 7 · Affected Software 1

OSV
added 2023/09/18 3:30 p.m. · 41 views

GHSA-3P86-9955-H393 Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.8 · EPSS 0.01884
Exploits 0 · References 7

Tenable Nessus
added 2023/09/17 12:0 a.m. · 41 views

GLSA-202309-04 : RAR, UnRAR: Arbitrary File Overwrite

The remote host is affected by the vulnerability described in GLSA-202309-04 RAR, UnRAR: Arbitrary File Overwrite - RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys...

CVSS 7.8 · AI score 8.5 · EPSS 0.98975
Exploits 13 · References 6