5164 matches found
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
CVE-2022-1271
CVE-2022-1271 affects GNU gzip's zgrep: an attacker can cause arbitrary file writes by supplying crafted multi-line filenames. Two or more consecutive newlines in filenames lead to content and target file names being embedded in the same path, and insufficient validation enables remote, low-privi...
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
SUSE-SU-2022:2959-2 Security update for rsync
This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server bsc1201840...
SUSE-SU-2022:2959-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server bsc1201840...
PT-2022-22150 · Dell · Dell Command | Integration Suite For System Center
Name of the Vulnerable Software and Affected Versions: Dell Command | Integration Suite for System Center versions prior to 6.2.0 Description: The issue allows a locally authenticated malicious user to potentially perform an arbitrary file write as system, due to an arbitrary file write...
CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
The post CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM appeared first on Rhino Security Labs...
CVE-2021-40326
CVE-2021-40326 affects Foxit PDF Reader before 11.1, Foxit PDF Editor before 11.1, and Foxit PhantomPDF before 10.1.6. The flaw stems from mishandling hidden and incremental data in digitally signed PDFs, enabling an attacker to write to an arbitrary file and display controlled contents during si...
CVE-2021-40326
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification...
rsync: remote arbitrary files write inside the directories of connecting peers
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
rsync: remote arbitrary files write inside the directories of connecting peers
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...
SUSE: Security Advisory (SUSE-SU-2022:2858-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:2859-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server bsc1201840...
SUSE-SU-2022:2858-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server bsc1201840...
CLSA-2022-1660761947 Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...
Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...
CLSA-2022-1660761395 Fix CVE(s): CVE-2022-29154
SECURITY UPDATE: arbitrary file write vulnerability via malicious rysnc server MITM attack - debian/patches/CVE-2022-29154.patch: add extra file-list safety checks. - CVE-2022-29154 Fix noatime patch to build the testsuite and enable it in debian/rules...
CLSA-2022-1660759162 Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...