SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices version 2.1.00.36, which originated from allowing arbitrary files to be written i...

openSUSE 15 Security Update : stellarium (openSUSE-SU-2023:0097-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0097-1 advisory. - In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

OPENSUSE-SU-2023:0097-1 Security update for stellarium

This update for stellarium fixes the following issues: - CVE-2023-28371: Fixed arbitrary file write issue. boo1209285...

Security update for stellarium (important)

openSUSE Security Update: Security update for stellarium Announcement ID: openSUSE-SU-2023:0097-1 Rating: important References: 1209285 Cross-References: CVE-2023-28371 CVSS scores: CVE-2023-28371 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

CVE-2023-2273

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

Rapid7 Insight Agent 路径遍历漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.2.6 and earlier versions. An attacker exploiting this vulnerability can write to arbitrary files...

CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVE-2021-23166

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization in ClientLogController, when the GetRequestInformation method retrieves the name and version of the client from the HttpContext.User object. Details A Directory Traversal attack als...

GHSA-9P5F-5X8V-X65M Directory traversal + file write causing arbitrary code execution

Impact Frederic Linn @FredericLinn has reported a series of vulnerabilities that can result in directory traversal, file write, and potential remote code execution on Jellyfin instances. The general process involves chaining several exploits including a stored XSS vulnerability and can be used by...

Directory traversal

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process in file.py which does not ensure relative file paths are escaped allowing an attacker to write arbitrary files outside the expected directory...

PT-2023-22824 · Jellyfin · Jellyfin-Web

Name of the Vulnerable Software and Affected Versions: jellyfin-web versions 10.1.0 through 10.8.10 Description: A stored cross-site scripting issue in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. This can result in remote code execution on the Jellyf...

jellyfin -- Multiple vulnerabilities

[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...