Updated ark packages fix security vulnerability

A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction CVE-2020-16116...

Directory Traversal

apache hyracks-control is vulnerable to directory traversal. Lack of validation of file paths within an archive allows an attacker to write files outside of the UDF deployment folder...

CVE-2020-12027

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

Design/Logic Flaw

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

CVE-2020-7667

In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all...

CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

Code injection

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

Code injection

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

GOG Galaxy Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-25692)

GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A vulnerability exists in GOG Galaxy version 1.2.x prior to 1.2.62 and version 2.0.x prior to 2.0.12 in the context of privilege permission and access control issues. An...

GLSA-202006-14 : PEAR Archive_Tar: Remote code execution vulnerability

The remote host is affected by the vulnerability described in GLSA-202006-14 PEAR ArchiveTar: Remote code execution vulnerability An issue was discovered in the PEAR module ArchiveTars handling of file paths within Tar achives. Impact : A local or remote attacker could possibly execute arbitrary...

Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...

June 2, 2020, update for Office 2016 (KB4484335)

June 2, 2020, update for Office 2016 KB4484335 This article describes update 4484335 for Microsoft Office 2016 that was released on June 2, 2020.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...

ownCloud: File System Monitoring Queue Overflow

in the source code "owncloud/client" in the file "src/gui/folderwatcherlinux.cpp" in the function "void FolderWatcherPrivate :: inotifyRegisterPath const QString & path" by calling "inotifyaddwatch" the file paths are set for monitoring cpp int wd = inotifyaddwatchfd, path.toUtf8.constData,...

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

GOG GalaxyClientService Privilege Escalation

This module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current source:...

Windows Printer Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit this...

CVE-2020-11883

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

CVE-2020-11883

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...