992 matches found
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Impact: Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
Impact: Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution. @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...
Adobe XMP Toolkit SDK out-of-bounds read vulnerability
Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file, called metadata, into the file itself. An out-of-bounds read vulnerability exists in Adobe XMP Toolkit SDK versions 2020.1 and earlier. An attacker could exploit this vulnerability to read arbitrary...
Adobe Bridge out-of-bounds read vulnerability (CNVD-2021-63271)
Adobe Bridge is a free digital asset management application from Adobe. 11.1 and earlier versions of Adobe Bridge contain an out-of-bounds read vulnerability. An attacker could exploit the vulnerability to read arbitrary file systems...
Adobe XMP Toolkit SDK Buffer Error Vulnerability
Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file, called metadata, into the file itself. An out-of-bounds read vulnerability exists in Adobe XMP Toolkit SDK versions 2020.1 and earlier. An attacker could exploit this vulnerability to read arbitrary...
autofs bug fix and enhancement update
The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. Bug Fixes and Enhancements: autofs: already mounted as other than autofs or failed to unlink entry in tree BZ1973888...
Adobe Illustrator 2021 post-release reuse vulnerability (CNVD-2021-74115)
Adobe Illustrator 2021 is a vector drawing software. A security vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions when handling specially crafted files. An attacker can exploit the vulnerability to read arbitrary file systems...
Adobe After Effects Out-of-Bounds Reading Vulnerability (CNVD-2021-54345)
Adobe After Effects "AE" is a graphics and video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.2.1 and earlier...
CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...
Adobe Media Encoder out-of-bounds read vulnerability (CNVD-2021-54346)
Adobe Media Encoder, a video and audio encoding application, is vulnerable to an out-of-bounds read vulnerability in Adobe Media Encoder version 15.2 and earlier. An attacker could exploit this vulnerability to read arbitrary file systems...
Adobe Illustrator 2021 Post-release Reuse Vulnerability
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to a post-release reuse vulnerability. An attacker could exploit this vulnerability to read arbitrary file systems...
Adobe Bridge out-of-bounds read vulnerability (CNVD-2021-63276)
Adobe Bridge, a free digital asset management application from Adobe, is vulnerable to an out-of-bounds read vulnerability in Adobe Bridge 11.0.2 and earlier. An attacker could exploit the vulnerability to read arbitrary file systems...
Adobe Illustrator Resource Management Error Vulnerability
Adobe Illustrator 2021 is a vector drawing software. A security vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions when handling specially crafted files. An attacker can exploit the vulnerability to read arbitrary file systems...
Adobe Illustrator Resource Management Error Vulnerability
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to a post-release reuse vulnerability. An attacker could exploit this vulnerability to read arbitrary file systems...
Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
Summary: IBM Spectrum Protect Plus Microsoft® File Systems backup and restore may be affected by vulnerabilities in Python, Tornado, and Urllib3 such as server-side request forgery, HTTP response splitting, buffer overflow, and man-in-the-middle attacks. Vulnerability Details: CVEID: CVE-2021-29921...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2021-41063)
Adobe After Effects referred to as "AE" is a graphic video processing software from Adobe, suitable for organizations engaged in design and video stunts, including television stations, animation production companies, individual post-production studios and multimedia studios. An out-of-bounds read...
Adobe After Effects Buffer Error Vulnerability
Adobe After Effects referred to as "AE" is a graphic video processing software from Adobe, suitable for organizations engaged in design and video stunts, including television stations, animation production companies, individual post-production studios and multimedia studios. An out-of-bounds read...
Adobe Animate Out-of-Bounds Read Vulnerability (CNVD-2021-49190)
Adobe Animate is a multimedia authoring and computer animation program. An out-of-bounds read vulnerability exists in Adobe Animate 21.0.6 and earlier versions. An attacker can exploit the vulnerability to read arbitrary file systems...
IPED - Digital Forensic Tool - Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners
IPED is open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. Introduction: IPED - Digital Evidence Processor and Indexer (translated from Portuguese) is a tool implement...
GLSA-202104-01 : Git: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-202104-01 (Git: User-assisted execution of arbitrary code). It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured...