7263 matches found
CVE-2020-36561
CVE-2020-36561 is a path-traversal vulnerability in the unzip library used by github.com/yi-ge/unzip (go-unzip). The root cause is improper path sanitization that allows archives containing relative file paths to write or overwrite files outside the target directory. Documents indicate the issue ...
Arbitrary File Write
GuardDog is vulnerable to arbitrary file write. The vulnerability exists due to the unsafe extracting using the shutil.unpackarchive functionality in the downloadcompressed function of packagescanner.py, allowing an attacker to write arbitrary files outside the destination directory through a...
PYSEC-2022-42994
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...
CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...
CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...
CVE-2022-23530
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
Design/Logic Flaw
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
PYSEC-2022-42993
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
PYSEC-2022-42993
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
CVE-2022-23530
CVE-2022-23530 affects GuardDog prior to v0.1.8, where scanning a remotely fetched PyPI package could trigger arbitrary file writes. The root cause is using shutil.unpack_archive() on a crafted tarball without validating that extracted paths stay within the destination directory, allowing writes ...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Directory Traversal File Write Exploit Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Directory Traversal File Write Exploit
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/snapcore/snapd/overlord/snapshotstate/backend is a The snapd and snap tools enable systems to work with .snap files. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. When importing a snapshot...
The vulnerability of the Fortinet FortiClient for Windows security tool arises from the insecure management of privileges, allowing attackers to write arbitrary files.
The vulnerability of the Fortinet FortiClient for Windows security tool is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to write arbitrary files...
SUSE SLES15 / openSUSE 15 Security Update : buildah (SUSE-SU-2022:4350-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4350-1 advisory. Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability...
VMware vCenter vScalation Privilege Escalation Exploit
This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This...
py7zr 0.20.0 Directory Traversal
CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...
py7zr 0.20.0 Directory Traversal Vulnerability
CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...