7185 matches found
RHEL 8 : gzip (RHSA-2022:1665)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1665 advisory. The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing t...
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
Directory traversal
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
CVE-2022-25842
CVE-2022-25842 affects all versions of com.alibaba.oneagent:one-java-agent-plugin. It is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip): a crafted archive with directory traversal filenames (e.g., ../../evil.exe) can cause sensitive files to be overwritten, enabling remote c...
CVE-2022-25842 Arbitrary File Write via Archive Extraction (Zip Slip)
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
Cisco Unified Communications Products Arbitrary File Write (cisco-sa-cucm-arb-write-74QzruUU)
According to its self-reported version number, the software upgrade process of Cisco Unified Communications Manager Unified CM and Cisco Unified CM Session Management Edition is affected by an arbitrary file write vulnerability. An authenticated remote attacker can exploit this vulnerability to...
The vulnerability of the Elcomplus SmartPPT SCADA server, related to input validation errors, allows attackers to write arbitrary files to arbitrary locations within the file system.
The vulnerability of the Elcomplus SmartPPT SCADA server is related to input validation errors. Exploiting this vulnerability allows a malicious actor to write arbitrary files to arbitrary locations in the file system using a specially created HTTP request...
Important: gzip, xz
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
Amazon Linux 2 : gzip, xz (ALAS-2022-1782)
The version of gzip installed on the remote host is prior to 1.5-10. The version of xz installed on the remote host is prior to 5.2.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1782 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep...
Important: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Important: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
ALSA-2022:1537 Important: gzip security update
The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
gzip security update
An update is available for gzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gzip packages contain the gzip GNU zip data compression utility. gzip is use...
RLSA-2022:1537 Important: gzip security update
The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
gzip security update
1.9-13 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271...
Oracle Linux 8 : gzip (ELSA-2022-1537)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1537 advisory. 1.9-13 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Orac...