USN-5291-1 libarchive vulnerabilities
It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. (CVE-2021-23177, CVE-2021-31566) It was...
Information Disclosure
Drupal is vulnerable to information disclosure. File metadata of a permanent private file can be accessed by an attacker who can guess the ID of the file...
Exposure of Resource to Wrong Sphere in Drupal Core
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prio...
Rocky Linux 8 : aide (RLSA-2022:441)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:441 advisory. - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based...
Debian DLA-2894-1 : aide - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2894 advisory. David Bouman discovered a heap-based buffer overflow vulnerability in the base64 functions of aide, an advanced intrusion detection system, which can be triggered via large...
Privilege Escalation
aide is vulnerable to privilege escalation. An attacker can obtain root privileges via crafted file metadata, because of a heap-based buffer overflow...
SUSE SLED15 / SLES15 Security Update : aide (SUSE-SU-2022:0150-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0150-1 advisory. - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpf...
DEBIAN-CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...
CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...
Heap overflow
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...
UBUNTU-CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...
CVE-2021-30658
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks...
Improper access control
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks...
CVE-2021-30658
CVE-2021-30658 affects macOS Big Sur 11.3 and is tied to Installer/file-metadata handling. Root cause: improved handling of file metadata. Impact: a malicious application may bypass Gatekeeper checks during installation. Remedy: fixed in macOS Big Sur 11.3 (HT212325). Other documents corroborate ...
CVE-2021-37620
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An...
Advisory ROSA-SA-2021-1996
Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...
CVE-2020-27894
The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from...
A vulnerability in the set_file_metadata function of the GNU Wget download manager allows a hacker to gain access to protected information.
The vulnerability in the set_file_metadata function of the GNU Wget download manager is related to the lack of protection for metadata. Exploiting this vulnerability could allow an attacker to access protected information...