705 matches found

Vulnrichment
added 2024/01/31 4:40 p.m. · 12 views

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS 5.3 · AI score 6.7 · EPSS 0.00393
Exploits 0 · References 2

Cvelist
added 2024/01/26 1:2 a.m. · 222 views

CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

CVSS 9.9 · AI score 9.4 · EPSS 0.03302
Exploits 0 · References 2

Vulnrichment
added 2024/01/25 3:30 p.m. · 3 views

CVE-2023-52076 Remote Code Execution Vulnerability in Atril's EPUB ebook parsing

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVSS 8.5 · AI score 7.4 · EPSS 0.01016
Exploits 2 · References 4

Vulnrichment
added 2024/01/04 1:10 a.m. · 6 views

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file...

CVSS 4 · AI score 5.5 · EPSS 0.00182
Exploits 0 · References 1

OSV
added 2023/12/29 3:15 a.m. · 3 views

CVE-2023-23426

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure...

CVSS 5.5 · AI score 5.8 · EPSS 0.00167
Exploits 0 · References 1

NVD
added 2023/12/29 3:15 a.m. · 13 views

CVE-2023-23426

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure...

CVSS 6.6 · EPSS 0.00167
Exploits 0 · References 1

OSV
added 2023/12/29 3:15 a.m. · 2 views

CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVSS 9.8 · AI score 5.8 · EPSS 0.00561
Exploits 0 · References 1

NVD
added 2023/12/29 3:15 a.m. · 11 views

CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVSS 9.8 · EPSS 0.00561
Exploits 0 · References 1

Prion
added 2023/12/29 3:15 a.m. · 11 views

Information disclosure

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure...

CVSS 1.7 · AI score 6.6 · EPSS 0.00167
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/12/29 3:15 a.m. · 12 views

Code injection

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVSS 7.5 · AI score 7.7 · EPSS 0.00561
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/29 2:54 a.m. · 20 views

CVE-2023-23426

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure...

CVSS 6.6 · AI score 6.5 · EPSS 0.00167
Exploits 0 · References 1

CVE
added 2023/12/29 2:54 a.m. · 29 views

CVE-2023-23426

CVE-2023-23426 affects Honor products, including Honor FRI-AN00 per CNNVD; reports describe a file-writing vulnerability that could lead to information disclosure. The connected sources consistently identify the issue as a local-access file-write flaw, with confidentiality impact but no explicit ...

CVSS 6.6 · AI score 5.3 · EPSS 0.00167
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/12/29 2:51 a.m. · 7 views

CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVSS 6.5 · AI score 7.3 · EPSS 0.00561
Exploits 0 · References 1

Cvelist
added 2023/12/29 2:51 a.m. · 14 views

CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVSS 6.5 · AI score 9.6 · EPSS 0.00561
Exploits 0 · References 1

CVE
added 2023/12/29 2:51 a.m. · 42 views

CVE-2023-23424

CVE-2023-23424 affects some Honor products via a file-writing vulnerability that can lead to code execution. The available sources consistently describe a security issue in Honor firmware/software components enabling remote-like exploitation with no user interaction, high impact to confidentialit...

CVSS 9.8 · AI score 9.3 · EPSS 0.00561
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-18933 · Huawei · Honor

Name of the Vulnerable Software and Affected Versions: Honor products affected versions not specified Description: The issue is related to a file writing vulnerability. Successful exploitation of this vulnerability could cause information disclosure. Recommendations: At the moment, there is no...

CVSS 6.6 · AI score 5.1 · EPSS 0.00167
Exploits 0 · References 5

Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-18932 · Huawei · Honor

Name of the Vulnerable Software and Affected Versions: Honor products affected versions not specified Description: The issue concerns a file writing vulnerability. Successful exploitation of this vulnerability could lead to code execution. Recommendations: At the moment, there is no information...

CVSS 9.8 · AI score 9.4 · EPSS 0.00561
Exploits 0 · References 4

CVE
added 2023/12/22 8:43 p.m. · 80 views

CVE-2023-50731

CVE-2023-50731 – MindsDB : The vulnerability arises in mindsdb/mindsdb/api/http/namespaces/file.py, where the PUT path does not validate the user-controlled name used for a temporary file. This leads to path injection, allowing arbitrary file writes via f.write(chunk) and potential write outside ...

CVSS 9.1 · AI score 9.7 · EPSS 0.00992
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/12/22 8:43 p.m. · 12 views

CVE-2023-50731 MindsDB has arbitrary file write in file.py

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

CVSS 9.1 · AI score 9.3 · EPSS 0.00992
Exploits 1 · References 6

OSV
added 2023/11/27 1:32 p.m. · 4 views

SUSE-SU-2023:4591-1 Security update for squashfs

This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...

CVSS 8.1 · AI score 7.4 · EPSS 0.0691
Exploits 2 · References 8