CVE-2022-25165

CVE-2022-25165 and CVE-2022-25166 affect Amazon AWS VPN Client 2.0.0. The issues are described as a TOCTOU race during VPN config validation, allowing parameters outside the allow list to be injected into the config and potentially writing files as SYSTEM (elevating privileges) or leaking Net-NTL...

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current xz Vulnerability (SSA:2022-104-03)

The version of xz installed on the remote host is prior to 5.2.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-104-03 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name fo...

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current gzip Vulnerability (SSA:2022-104-02)

The version of gzip installed on the remote host is prior to 1.12. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-104-02 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name f...

SUSE SLES12 Security Update : xz (SUSE-SU-2022:1160-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1160-1 advisory. - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062 Tenable has extracted the preceding descriptio...

Ubuntu 18.04 LTS / 20.04 LTS : XZ Utils vulnerability (USN-5378-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5378-2 advisory. Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep...

Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Tenable has extracted the preceding...

Ubuntu 16.04 ESM : XZ Utils vulnerability (USN-5378-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5378-3 advisory. USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Tenable has extracted the precedin...

SUSE SLES11 Security Update : xz (SUSE-SU-2022:14938-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:14938-1 advisory. - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames ZDI-CAN-16587. bsc1198062 Tenable has extracted the preceding description block...

SUSE SLED15 / SLES15 Security Update : xz (SUSE-SU-2022:1158-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1158-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's...

Ubuntu 18.04 LTS / 20.04 LTS : Gzip vulnerability (USN-5378-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5378-1 advisory. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operatio...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27261

CVE-2022-27261 describes an arbitrary file write vulnerability in Express-FileUpload v1.3.1. The issue allows uploading multiple files with the same name, leading to overwriting existing files on the web application server. Connected documents corroborate the affected product/version and impact, ...

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write

Description file.copy operations in GruntJS are vulnerable to a TOC-TOU race condition leading to arbitrary file write when an attacker can create a symlink just after deletion of the dest symlink by repeatedly calling ln -s /etc/shadow2 dest/shadow2 in a while loop but right before the symlink i...

Samsung Flow Access Control Error Vulnerability

Samsung flow is an application for Samsung Samsung mobile devices, a software used to connect Samsung to Win10-based computers for a seamless, secure, and connected experience.An access control error vulnerability exists in versions prior to Samsung Flow 4.8.06.5, which stems from a lack of prope...

PT-2022-18338 · Unknown · Express-Fileupload

Name of the Vulnerable Software and Affected Versions: Express-FileUpload version 1.3.1 Description: The issue allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This can be exploited due to an arbitrary file write...

Dell Technologies Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is a PowerScale OneFS operating system that provides scale-out NAS. Dell PowerScale OneFS has a security vulnerability that could be exploited by an attacker to gain read-only file write access...