173 matches found
The vulnerability of the NTFS file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the NTFS file system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the NTFS file system of the Windows operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the NTFS file system in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
The vulnerability of the NTFS file system in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the NTFS file system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-7386-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7386-1 advisory. Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker...
USN-7388-1 linux-aws-5.15, linux-kvm vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
CVE-2024-10209 Incorrect Permission Assignment in APROL file system
An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL 4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user...
CVE-2025-25685
An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...
CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write
zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...
CVE-2025-25685
An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...
CVE-2025-25685
An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...
GHSA-8VVX-QVQ9-5948 Flowise allows arbitrary file write to RCE
Summary An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCERemote Code Execution via file writing. Details All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...
Linux Distros Unpatched Vulnerability : CVE-2022-48700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 2024-08-27: CVE-2022-48700 was added to this advisory. 2024-08-27: CVE-2022-48671 was added to this advisory. 2024-08-27: CVE-2022-48672 was added to this...
Security Bulletin: IBM App Connect Enterprise is vulnerable to an attacker with deploy privilege (CVE-2025-0799)
Summary Malicious bar files could allow an attacker with deploy privilege to write arbitrary files on the file system for a running IBM App Connect Enterprise installation. Vulnerability Details CVEID:CVE-2025-0799 DESCRIPTION: IBM App Connect enterprise could allow an authenticated user to write...
CVE-2024-51534
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial o...
Time-of-check Time-of-use (TOCTOU) Race Condition
Apache Tomcat is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition. The vulnerability is lack of proper synchronization between the time the system checks a file's state and when it actually uses the file, allowing an attacker to manipulate the file system state during the brief...
CVE-2024-38819
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
CVE-2024-21575
CVE-2024-21575 affects ComfyUI-Impact-Pack. Root cause: missing validation of image.filename in the POST /upload/temp endpoint, enabling path traversal and arbitrary file writes on the server. Consequence: under some conditions this can lead to remote code execution (RCE). CVSS vectors indicate h...
CVE-2024-50404 Qsync Central
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central...
The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome browsers allows attackers to bypass file system restrictions.
The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass file system restrictions by using a specially created HTML page...
CVE-2024-50054
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system...