1649 matches found
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
SUSE SLED15: eclipse-jgit / jgit / jgit-javadoc / jsch / jsch-demo / etc (SUSE-SU-2024:0057-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0057-1 advisory. Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a special...
SUSE-SU-2024:0057-1 Security update for eclipse-jgit, jsch
This update for eclipse-jgit, jsch fixes the following issues: Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. bsc1215298 Other fixes: jsch was updated to version 0.2.9: - Added...
OESA-2023-1995 jgit security update
A pure Java implementation of the Git version control system and command line interface. Security Fixes: Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file...
PT-2023-32553 · Nessus · Nessus
Name of the Vulnerable Software and Affected Versions: Nessus affected versions not specified Description: An issue exists where an authenticated attacker with privileges on the managing application could alter variables to overwrite arbitrary files on the remote host, potentially leading to a...
Nessus Buffer Error Vulnerability
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus 10.6.2 and earlier versions that originated from a vulnerability that allows an attacker with administrator privileges to change Nessus rule...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
Rocky Linux 8 : nodejs:10 (RLSA-2020:0579)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0579 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...
UBUNTU-CVE-2020-28407
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall...
[SECURITY] [DLA 3643-1] pmix security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3643-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 31, 2023 https://wiki.debian.org/LTS -...
Ubuntu 16.04 ESM : fstream vulnerability (USN-4863-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4863-1 advisory. It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...
Directory Traversal
Python is vulnerable to directory traversal attack. The vulnerability is due to the extract and extractall functions in the tarfile module which allows an attacker to overwrite arbitrary files via a dot dot.. sequence. The vulnerability results in an arbitrary file overwrite...
Arbitrary File Overwrite
ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems...
Arbitrary File Overwrite
github.com/schollz/croc is vulnerable to Arbitrary File Overwrite. The vulnerability is due to the Croc protocol allowing a sender to specify an arbitrary path for the file transfer, which lacks validation to check if the file path will overwrite an existing file on the client side. An attacker c...
CVE-2023-40452
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files...
CVE-2023-40452
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files...
Arbitrary File Overwrite
org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...
Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
GHSA-3P86-9955-H393 Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
GLSA-202309-04 : RAR, UnRAR: Arbitrary File Overwrite
The remote host is affected by the vulnerability described in GLSA-202309-04 RAR, UnRAR: Arbitrary File Overwrite - RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys...