CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
SUSE CVE-2023-4782
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
Microsoft Exchange DumpDataReader Deserialization of Untrusted Data Arbitrary File Write Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the DumpDataReader class. The issue...
Terraform allows arbitrary file write during the `init` operation
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
CVE-2023-4782
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
AZL-29705 CVE-2023-4782 affecting package terraform for versions less than 1.3.2-19
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
Code injection
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
CVE-2023-4782 Terraform Allows Arbitrary File Write During Init Operation
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
CVE-2023-4782
CVE-2023-4782 affects Terraform 1.0.8–1.5.6, enabling arbitrary file write during the init operation when running a maliciously crafted configuration. The root cause is within Terraform’s init phase, allowing local file writes with high impact (confidentiality, integrity, availability). The vulne...
PT-2023-6893 · Hashicorp · Terraform
Name of the Vulnerable Software and Affected Versions: Terraform versions 1.0.8 through 1.5.6. Description: The issue is related to arbitrary file write during the init operation when run on maliciously crafted Terraform configuration. This is due to incorrect restriction of the directory path nam...
CVE-2023-30723
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege...
CVE-2023-4480
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.207)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.207 advisory. - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c...
PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been describe...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper input sanitization in the unzipFile function, which allows an attacker to exploit this vulnerability by using a crafted zip file. Details: It is exploited using a...
Directory Traversal
Overview: weichsel/ZIPFoundation is an Effortless ZIP Handling in Swift. Affected versions of this package are vulnerable to Directory Traversal via extracting a crafted zip file, allowing attackers to write files outside the extraction directory. Details: A Directory Traversal attack also known as...