7263 matches found
Directory traversal
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
CVE-2022-25842
CVE-2022-25842 affects all versions of com.alibaba.oneagent:one-java-agent-plugin. It is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip): a crafted archive with directory traversal filenames (e.g., ../../evil.exe) can cause sensitive files to be overwritten, enabling remote c...
CVE-2022-25842 Arbitrary File Write via Archive Extraction (Zip Slip)
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
Cisco Unified Communications Products Arbitrary File Write (cisco-sa-cucm-arb-write-74QzruUU)
According to its self-reported version number, the software upgrade process of Cisco Unified Communications Manager Unified CM and Cisco Unified CM Session Management Edition is affected by an arbitrary file write vulnerability. An authenticated remote attacker can exploit this vulnerability to...
Important: gzip, xz
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
Amazon Linux 2 : gzip, xz (ALAS-2022-1782)
The version of gzip installed on the remote host is prior to 1.5-10. The version of xz installed on the remote host is prior to 5.2.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1782 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep...
The vulnerability of the Elcomplus SmartPPT SCADA server, related to input validation errors, allows attackers to write arbitrary files to arbitrary locations within the file system.
The vulnerability of the Elcomplus SmartPPT SCADA server is related to input validation errors. Exploiting this vulnerability allows a malicious actor to write arbitrary files to arbitrary locations in the file system using a specially created HTTP request...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Important: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Important: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
gzip security update
An update is available for gzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gzip packages contain the gzip GNU zip data compression utility. gzip is use...
ALSA-2022:1537 Important: gzip security update
The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
RLSA-2022:1537 Important: gzip security update
The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
Oracle Linux 8 : gzip (ELSA-2022-1537)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1537 advisory. 1.9-13 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Orac...
gzip security update
1.9-13 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271...
Mageia: Security Advisory (MGASA-2022-0149)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0149 Updated gzip/xz packages fix security vulnerability
zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...
CVE-2021-3722
The CVE-2021-3722 entry affects Lenovo PCManager prior to version 4.0.40.2175. It describes a vulnerability where installation could allow configuration files to be written to non-standard locations, impacting availability. The connected documents provide no details on exploit steps, affected pro...