1647 matches found
SUSE CVE-2021-32803
The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...
EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2022-2942)
According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories ...
PT-2022-27794 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.7.0 Description: An improper limitation of a pathname to a restricted directory was identified, enabling remote code execution. A check was added within Pages to ensure the working directory is clean before...
Adobe Creative Cloud Security Update (APSB21-18) - Mac OS X
Adobe Creative cloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:creativecloud";...
Adobe Creative Cloud Security Update (APSB21-18) - Windows
Adobe Creative cloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:creativecloud";...
CVE-2022-44749 Opening workflows from untrusted resources may override arbitrary file system contents
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being...
Liferay Portal和Liferay DXP 路径遍历漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
OESA-2022-2084 nodejs-fstream security update
Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink...
The vulnerability of the command-line interface (CLI) of microprogramming software for Cisco TelePresence Collaboration Endpoint conference call control devices and Cisco RoomOS operating systems allows a hacker to overwrite arbitrary files.
The vulnerability of the command-line interface CLI of microprogramming software for Cisco TelePresence Collaboration Endpoint conference call controllers and Cisco RoomOS operating systems is related to access control deficiencies. Exploiting this vulnerability could allow a attacker to re-recor...
CVE-2022-20930
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...
CVE-2022-32807
This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files...
Archive_Tar: improper filename sanitization leads to file overwrites
A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...
CVE-2022-36850
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid...
Path traversal
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid...
Apple macOS Big Sur 输入验证错误漏洞
Apple macOS Big Sur is the 17th major release of Apple's macOS for MAC operating system from Apple USA. Apple macOS Big Sur suffers from an input validation error vulnerability that stems from an application that may be able to overwrite arbitrary files...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...
CVE-2022-29094
Dell SupportAssist Client Consumer versions 3.10.4 and versions prior and Dell SupportAssist Client Commercial versions 3.1.1 and versions prior contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files...
CVE-2022-29094
Dell SupportAssist Client (Consumer 3.10.4 and earlier; Commercial 3.1.1 and earlier) contains an arbitrary file deletion/overwrite vulnerability. An authenticated non‑admin user can delete or overwrite arbitrary files on the system. The issue is documented as CVE-2022-29094; CVSS data in the pro...