8777 matches found
utils Security Feature Issue Vulnerability
utils is a utility program by individual developer Fred Smith. A security vulnerability exists in utils that stems from unknown handling of the screenshotsync file in the Filename Handler component, which can lead to values being predictable from observable state...
PT-2022-11682 · Unknown · Fredsmith Utils
Name of the Vulnerable Software and Affected Versions: fredsmith utils (affected versions not specified). Description: A problematic issue has been found in the processing of the file screenshot sync of the component Filename Handler. The manipulation leads to predictable data from observable state...
GHSA-QWMP-2CF2-G9G6 pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
Python Packaging Authority PyPA Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a Regular Expression denial of service via attacker controlled input to the wheel cli. The vulnerable regex is used to verify the validity of Whee...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2022-355-01)
The version of mozilla-thunderbird installed on the remote host is prior to 102.6.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-355-01 advisory. - A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
DEBIAN-CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
CVE-2022-45415
When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later run. This vulnerability affects Firefox 107...
Design/Logic Flaw
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
CVE-2022-34483
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
CVE-2022-34483
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
Mozilla Thunderbird < 102.6.1
The version of Thunderbird installed on the remote Windows host is prior to 102.6.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-54 advisory. - A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
CVE-2022-45415
This CVE affects Mozilla Firefox. When downloading an HTML file, if the page title is formatted as a filename with a malicious extension, Firefox may save the file with that extension, potentially allowing system compromise if the file is executed. Affected versions are Firefox
CVE-2022-34482
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
Mozilla Thunderbird < 102.6.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.6.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-54 advisory. - A file with a long filename could have had its filename truncated to remove the valid extension, leaving a...
CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...
AZL-34647 CVE-2022-4515 affecting package ctags for versions less than 6.1.0-1
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...
AZL-12083 CVE-2022-4515 affecting package ctags for versions less than 5.9.20220619.0-7
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...