5154 matches found

CVE
added 2022/05/01 3:25 p.m. | 100 views

CVE-2022-25842

CVE-2022-25842 affects all versions of com.alibaba.oneagent:one-java-agent-plugin. It is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip): a crafted archive with directory traversal filenames (e.g., ../../evil.exe) can cause sensitive files to be overwritten, enabling remote c...

CVSS 9.8 | AI score 8.3 | EPSS 0.03481
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2022/05/01 3:25 p.m. | 19 views

CVE-2022-25842 Arbitrary File Write via Archive Extraction (Zip Slip)

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

CVSS 6.9 | AI score 9.8 | EPSS 0.03481
Exploits: 1 | References: 4

ATTACKERKB
added 2022/05/01 3:20 p.m. | 3 views

CVE-2022-25842

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

CVSS 9.8 | AI score 7.5 | EPSS 0.03481
Exploits: 1 | References: 5

Tenable Nessus
added 2022/04/29 12:0 a.m. | 28 views

Cisco Unified Communications Products Arbitrary File Write (cisco-sa-cucm-arb-write-74QzruUU)

According to its self-reported version number, the software upgrade process of Cisco Unified Communications Manager Unified CM and Cisco Unified CM Session Management Edition is affected by an arbitrary file write vulnerability. An authenticated remote attacker can exploit this vulnerability to...

CVSS 8.5 | AI score 6.8 | EPSS 0.013
Exploits: 0 | References: 3

Amazon
added 2022/04/27 12:0 a.m. | 39 views

Important: gzip, xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

CVSS 8.8 | AI score 7.2 | EPSS 0.04301
Exploits: 0

BDU FSTEC
added 2022/04/27 12:0 a.m. | 5 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to input validation errors, allows attackers to write arbitrary files to arbitrary locations within the file system.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to input validation errors. Exploiting this vulnerability allows a malicious actor to write arbitrary files to arbitrary locations in the file system using a specially created HTTP request...

CVSS 10 | AI score 5.7 | EPSS 0.00969
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2022/04/27 12:0 a.m. | 112 views

Amazon Linux 2 : gzip, xz (ALAS-2022-1782)

The version of gzip installed on the remote host is prior to 1.5-10. The version of xz installed on the remote host is prior to 5.2.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1782 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep...

CVSS 8.8 | AI score 7 | EPSS 0.04301
Exploits: 0 | References: 3

RedHat Linux
added 2022/04/26 7:49 p.m. | 26 views

Important: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.8 | AI score 6.7 | EPSS 0.04301
Exploits: 0 | References: 2

RedHat Linux
added 2022/04/26 7:49 p.m. | 3 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVSS 8.8 | AI score 7.2 | EPSS 0.04301
Exploits: 0 | References: 4

RedHat Linux
added 2022/04/26 4:49 p.m. | 1 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVSS 8.8 | AI score 7.2 | EPSS 0.04301
Exploits: 0 | References: 4

RedHat Linux
added 2022/04/26 4:49 p.m. | 417 views

Important: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.8 | AI score 6.7 | EPSS 0.04301
Exploits: 0 | References: 2

Rockylinux
added 2022/04/26 9:54 a.m. | 28 views

gzip security update

An update is available for gzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gzip packages contain the gzip GNU zip data compression utility. gzip is use...

CVSS 8.8 | AI score 8.9 | EPSS 0.04301
Exploits: 0

OSV
added 2022/04/26 9:54 a.m. | 20 views

RLSA-2022:1537 Important: gzip security update

The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...

CVSS 8.8 | AI score 8.5 | EPSS 0.04301
Exploits: 0 | References: 2

OSV
added 2022/04/26 9:54 a.m. | 28 views

ALSA-2022:1537 Important: gzip security update

The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...

CVSS 8.8 | AI score 8.5 | EPSS 0.04301
Exploits: 0 | References: 2

Oracle linux
added 2022/04/26 12:0 a.m. | 36 views

gzip security update

1.9-13 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271...

CVSS 8.8 | AI score 1.4 | EPSS 0.04301
Exploits: 0

Tenable Nessus
added 2022/04/26 12:0 a.m. | 40 views

Oracle Linux 8 : gzip (ELSA-2022-1537)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1537 advisory. 1.9-13 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Orac...

CVSS 8.8 | AI score 6.9 | EPSS 0.04301
Exploits: 0 | References: 2

OpenVAS
added 2022/04/25 12:0 a.m. | 13 views

Mageia: Security Advisory (MGASA-2022-0149)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.3 | EPSS 0.04301
Exploits: 0 | References: 10

OSV
added 2022/04/23 5:22 p.m. | 4 views

MGASA-2022-0149 Updated gzip/xz packages fix security vulnerability

zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...

CVSS 8.8 | AI score 8.8 | EPSS 0.04301
Exploits: 0 | References: 9

CNVD
added 2022/04/22 12:0 a.m. | 12 views

Cisco Unified CM and Unified CM SME Arbitrary File Writing Vulnerability

Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. Cisco Unified CM and Unified CM SME are vulnerable to an...

CVSS 8.5 | AI score 2.8 | EPSS 0.013
Exploits: 0 | References: 1

Vulnrichment
added 2022/04/21 6:50 p.m. | 7 views

CVE-2022-20789 Cisco Unified Communications Products Arbitrary File Write Vulnerability

A vulnerability in the software upgrade process of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability i...

CVSS 4.9 | AI score 7.1 | EPSS 0.013
Exploits: 0 | References: 1