Lucene search
+L

216 matches found

Prion
Prion
added 2023/01/31 10:15 a.m.24 views

Path traversal

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication...

1.9CVSS5.5AI score0.00354EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/31 9:25 a.m.8 views

CVE-2023-0592 Path traversal in jefferson

A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1...

5.5CVSS5.5AI score0.00361EPSS
Exploits1References2
OSV
OSV
added 2023/01/31 9:18 a.m.16 views

CVE-2023-0591 Path Traversal in ubi_reader

ubireaderextractfiles is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory provided the process has write access to that file or directory. This is due to the fact that a node name...

5.5CVSS6.2AI score0.0039EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/01/31 9:18 a.m.28 views

CVE-2023-0591 Path Traversal in ubi_reader

ubireaderextractfiles is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory provided the process has write access to that file or directory. This is due to the fact that a node name...

5.5CVSS5.7AI score0.0039EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/01/31 12:0 a.m.5 views

PT-2023-16390 · Yaffshiv · Yaffshiv

Name of the Vulnerable Software and Affected Versions: yaffshiv versions up to 0.1 Description: A path traversal issue affects the yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. Recommendation...

5.5CVSS5.4AI score0.00354EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.7 views

UBI Reader 路径遍历漏洞

UBI Reader is a collection of Python modules and scripts from Jason Pruitt's personal developer. It is capable of extracting the contents of UBI and UBIFS images and analyzing them to determine the parameter settings to recreate them using the mtd-utils tool. A security vulnerability exists in UB...

5.5CVSS5.7AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.4 views

yaffshiv 路径遍历漏洞

yaffshiv is a simple YAFFS filesystem parser and extractor from the devttys0 personal developer. A security vulnerability exists in yaffshiv. An attacker can exploit this vulnerability to write arbitrary files outside of the extraction directory by crafting a malicious YAFFS file...

5.5CVSS6AI score0.00354EPSS
Exploits1References3
CVE
CVE
added 2022/04/07 6:20 p.m.237 views

CVE-2022-26612

CVE-2022-26612 affects Apache Hadoop. The vulnerability arises during TAR extraction: Hadoop’s unTar uses unTarUsingJava on Windows and the built-in tar utility on other OSes, allowing a TAR entry to create a symlink pointing outside the extraction directory. A following TAR entry can write arbit...

9.8CVSS9.2AI score0.04176EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/03/18 5:40 p.m.25 views

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS4.5AI score0.01038EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/03/18 5:40 p.m.35 views

Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS2.6AI score0.01038EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/01/28 10:15 p.m.16 views

CVE-2021-23484

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

9.8CVSS9.3AI score
Exploits0References3
AlpineLinux
AlpineLinux
added 2021/08/31 4:50 p.m.38 views

CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

8.6CVSS8.8AI score0.01263EPSS
Exploits0
OSV
OSV
added 2021/03/01 6:15 p.m.40 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS6.6AI score0.01038EPSS
Exploits0References1
Prion
Prion
added 2021/03/01 6:15 p.m.21 views

Path traversal

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5CVSS4.7AI score0.01446EPSS
Exploits0References1Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/18 12:0 a.m.48 views

Security update for ark (moderate)

openSUSE Security Update: Security update for ark Announcement ID: openSUSE-SU-2020:1310-2 Rating: moderate References: 1175857 Cross-References: CVE-2020-24654 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update for a...

4.3CVSS3.6AI score0.01496EPSS
Exploits0References1
Debian
Debian
added 2020/09/04 7:14 p.m.50 views

[SECURITY] [DSA 4759-1] ark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4759-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2020 https://www.debian.org/security/faq -...

4.3CVSS3.4AI score0.01496EPSS
Exploits0
Veracode
Veracode
added 2020/09/03 4:31 a.m.9 views

Arbitrary File Overwrite

decompress-zip is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not verify that extract files can escape out of the extraction root directory...

3.5AI score
Exploits0
NVD
NVD
added 2020/09/02 5:15 p.m.15 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS3.5AI score0.01496EPSS
Exploits0References11
OSV
OSV
added 2020/09/02 5:15 p.m.21 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

3.3CVSS6.5AI score
Exploits0References11
AlpineLinux
AlpineLinux
added 2020/09/02 4:22 p.m.83 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS3.6AI score0.01496EPSS
Exploits0
Rows per page
Query Builder