Directory traversal
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code...
PT-2021-22372 · Octorpki · Octorpki
Name of the Vulnerable Software and Affected Versions: OctoRPKI affected versions not specified Description: The issue allows a repository to create a file that can be written to disk outside the base cache folder due to a failure to escape a URI with a filename containing "..". This could enable...
VulnCheck KEV: CVE-2020-5847
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...
Code injection
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...
CVE-2021-42540 Emerson WirelessHART Gateway
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...
CVE-2021-38394
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted...
Safari Credential Gatherer
This module searches for Safari credentials on a Windows host. Module Options msf use post/windows/gather/credentials/safari msf postsafari show actions ...actions... msf postsafari set ACTION msf postsafari show options ...show and set options... msf postsafari run This module requires Metasploi...
airust (=0.1.6), font (>=0.2.0 <=0.3.2) +6 more potentially affected by CVE-2021-26953 via postscript (>=0.10.1 <=0.11.1)
postscript CARGO version =0.10.1, =0.2.0, =0.0.2, =0.1.0, =0.15.0, =0.1.0, =0.6.3 - text =0.0.4 Source cves: CVE-2021-26953 Source advisory: OSV:GHSA-FHVC-GP6C-H2WX...
Vulnerability in the extract_name() function (rfc1035.c): the Dnsmasq DNS server performs operations beyond the bounds of a memory buffer, allowing an attacker to cause a service failure.
The vulnerability in the extract_name function (rfc1035.c) of the Dnsmasq DNS server is related to the lack of length checking on input data. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Vulnerability in the extract_name() function (rfc1035.c): the Dnsmasq DNS server performs operations beyond the bounds of a memory buffer, allowing an attacker to cause a service failure.
The vulnerability in the extract_name function (rfc1035.c) of the Dnsmasq DNS server is related to the lack of length checking on input data. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
OSV-2021-934 Heap-buffer-overflow in extract_addresses
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35865 Crash type: Heap-buffer-overflow WRITE 1 Crash state: extract_addresses FuzzExtractTheAddress fuzz_rfc1035.c...
PT-2021-7713 · Dnsmasq +2 · Dnsmasq +2
Name of the Vulnerable Software and Affected Versions: Dnsmasq affected versions not specified Description: The issue is related to a buffer overflow in the extract_name function of the fuzz_util.c component of the Dnsmasq DNS server. This could allow a remote attacker to access confidential data...
PT-2021-7716 · Dnsmasq +2 · Dnsmasq +2
Name of the Vulnerable Software and Affected Versions: Dnsmasq affected versions not specified Description: The issue is related to a buffer overflow in the extract_name function of the Dnsmasq DNS server. This could allow a remote attacker to access confidential data, compromise its integrity, a...
DEBIAN-CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 have a heap-based buffer overflow in Unpack::CopyString called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile...
CVE-2021-35958
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives...
PT-2021-21079 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.1 Description: The issue allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. It's noted that the vendor's position is that...
PT-2021-11424 · Red Hat · Openshift-Clients
Name of the Vulnerable Software and Affected Versions: openshift-clients versions up to and including 4.7.0-202104250659.p0.git.95881af Description: A Zip Slip vulnerability was found in the oc binary where an arbitrary file write is achieved by using a specially crafted raw container image .tar...
Exim Buffer Error Vulnerability
Opera Software Opera is a Norwegian web browser from Opera Software that supports multi-window browsing, customizable user interfaces, etc. Exim is an open source messaging agent MTA that runs on Unix systems and is responsible for routing, forwarding, and delivering mail. Exim suffers from a...
GHSA-893H-35V4-MXQX Path Traversal in Ansible
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...
Path Traversal in Ansible
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...