6796 matches found
CVE-2025-58755
MONAI Medical Open Network for AI is an AI toolkit for health care imaging. The extractall function zipfile.extractalloutputdir is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
SUSE CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
Podman 路径遍历漏洞
Podman is a Podman open source engine for developing, managing and running OCI containers on Linux systems. Podman suffers from a path traversal vulnerability that stems from the fact that the kube play command may be used to overwrite a host file, potentially resulting in the file being...
podman kube play symlink traversal vulnerability
Impact The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...
GHSA-WP3J-XQ48-XPJW podman kube play symlink traversal vulnerability
Impact The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...
Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...
Directory Traversal
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Directory...
CVE-2025-9810
TOCTOU vulnerability CVE-2025-9810 in linenoiseHistorySave (linenoise) enables local attackers to overwrite files or change permissions via a symlink race between fopen("w") on the history path and a subsequent chmod() on the same path. Connected advisories confirm this CVE affects Redis-related ...
CVE-2025-9810 TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...
Linux Distros Unpatched Vulnerability : CVE-2025-53906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2025-53905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary...
CVE-2025-54819
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker...
CVE-2025-54819
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker...
DOS & CO SS1 路径遍历漏洞
DOS & CO SS1 is an asset management tool from DOS & CO Japan. A path traversal vulnerability exists in DOS & CO SS1 version 16.0.0.10 and earlier, which stems from an improperly restricted pathname and could allow a remote, authenticated attacker to overwrite legitimate files...
Linux Distros Unpatched Vulnerability : CVE-2024-7776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to...
Linux Distros Unpatched Vulnerability : CVE-2017-13709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of th...
Linux Distros Unpatched Vulnerability : CVE-2023-33466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment...
Linux Distros Unpatched Vulnerability : CVE-2019-11249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to...
Linux Distros Unpatched Vulnerability : CVE-2019-7283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp...