1270 matches found
Input validation
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...
Little Backup Box Security Vulnerability
Little Backup Box is a pocket-sized backup solution from the individual developers at outdoorbits that turns a single board computer into a multifunctional one. Little Backup Box suffers from a security vulnerability that stems from the presence of untrusted inputs to the PHP extract function,...
CVE-2023-52262
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...
CVE-2023-52262
Outdoorbits Little-backup-box; vulnerable in versions prior to f39f91c due to untrusted input being fed to PHP extract, enabling remote code execution. A fix exists in the commit f39f91c; advised remediation is to update to a version after f39f91c (or temporarily disable PHP extract for untrusted...
PT-2023-8937 · Outdoorbits · Little-Backup-Box
Name of the Vulnerable Software and Affected Versions: outdoorbits little-backup-box versions prior to f39f91c Description: The issue allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. This is due to insufficient validation of input dat...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
CVE-2023-48090
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...
DEBIAN-CVE-2023-48090
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...
UBUNTU-CVE-2023-48090
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...
PT-2023-8887 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev617-g671976fcc-master Description: The issue is related to a memory leak in the extract attributes function, located in media tools/m3u8.c:329, which can lead to a denial of service. This is due to the lack of memory...
CVE-2023-5245
FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
VulnCheck KEV: CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...