CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5211 matches found

RedHat Linux•added 2023/01/06 8:12 a.m.•7 views

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

7.5CVSS6.2AI score0.01456EPSS

Exploits0References5

OSV•added 2023/01/03 9:15 p.m.•11 views

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

8.1CVSS7AI score

Exploits0References1

Vulnrichment•added 2023/01/03 12:0 a.m.•9 views

CVE-2022-36943

6.9AI score0.00805EPSS

Exploits1References1

Cvelist•added 2023/01/03 12:0 a.m.•16 views

CVE-2022-36943

8.3AI score0.00805EPSS

Exploits1References1

CVE•added 2023/01/03 12:0 a.m.•69 views

CVE-2022-36943

CVE-2022-36943 : SSZipArchive (versions 2.5.3 and older) has an arbitrary file write vulnerability due to lack of sanitization for symlink paths. Opening a malicious ZIP that contains a symlink as the first item can cause SSZipArchive to overwrite arbitrary files on the filesystem. The available ...

8.1CVSS8AI score0.00805EPSS

Exploits1References1Affected Software1

Veracode•added 2022/12/20 3:39 a.m.•15 views

Arbitrary File Write

GuardDog is vulnerable to arbitrary file write. The vulnerability exists due to the unsafe extracting using the shutil.unpackarchive functionality in the downloadcompressed function of packagescanner.py, allowing an attacker to write arbitrary files outside the destination directory through a...

6.5CVSS6.3AI score0.00704EPSS

Exploits1References5Affected Software1

PyPA•added 2022/12/17 12:15 a.m.•6 views

PYSEC-2022-42994

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

7.8CVSS6.8AI score0.0059EPSS

Exploits0References4Affected Software1

Cvelist•added 2022/12/16 11:41 p.m.•36 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

5.8CVSS7.7AI score0.0059EPSS

Exploits0References3

Vulnrichment•added 2022/12/16 11:41 p.m.•7 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

5.8CVSS7.5AI score0.0059EPSS

Exploits0References3

NVD•added 2022/12/16 11:15 p.m.•24 views

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

6.5CVSS0.00704EPSS

Exploits1References3

OSV•added 2022/12/16 11:15 p.m.•24 views

PYSEC-2022-42993

6.5CVSS6.9AI score0.00704EPSS

Exploits1References3

PyPA•added 2022/12/16 11:15 p.m.•7 views

PYSEC-2022-42993

6.5CVSS7.1AI score0.00704EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2022/12/16 10:56 p.m.•6 views

CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

5.8CVSS6.5AI score0.00704EPSS

Exploits1References3

CVE•added 2022/12/16 10:56 p.m.•138 views

CVE-2022-23530

CVE-2022-23530 affects GuardDog prior to v0.1.8, where scanning a remotely fetched PyPI package could trigger arbitrary file writes. The root cause is using shutil.unpack_archive() on a crafted tarball without validating that extracted paths stay within the destination directory, allowing writes ...

6.5CVSS6AI score0.00704EPSS

Exploits1References3Affected Software1

Snyk•added 2022/12/12 11:22 a.m.•2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/snapcore/snapd/overlord/snapshotstate/backend is a The snapd and snap tools enable systems to work with .snap files. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. When importing a snapshot...

5.5CVSS7.8AI score

Exploits0References2

BDU FSTEC•added 2022/12/12 12:0 a.m.•5 views

The vulnerability of the Fortinet FortiClient for Windows security tool arises from the insecure management of privileges, allowing attackers to write arbitrary files.

The vulnerability of the Fortinet FortiClient for Windows security tool is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to write arbitrary files...

7.7CVSS7.2AI score0.00307EPSS

Exploits0References4Affected Software1

0day.today•added 2022/12/07 12:0 a.m.•252 views

py7zr 0.20.0 Directory Traversal Vulnerability

CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...

9.1CVSS9.3AI score0.02242EPSS

Exploits3

Packet Storm•added 2022/12/07 12:0 a.m.•528 views

py7zr 0.20.0 Directory Traversal

0.3AI score0.02242EPSS

Exploits3

OSV•added 2022/12/06 8:15 p.m.•2 views

DEBIAN-CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

9.1CVSS8.5AI score0.02242EPSS

Exploits3References1

PyPA•added 2022/12/06 8:15 p.m.•6 views

PYSEC-2022-42998

9.1CVSS7AI score0.02242EPSS

Exploits3References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by