223 matches found
The vulnerability of the Filesystem component in Oracle Solaris allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Filesystem component in Oracle Solaris is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Design/Logic Flaw
Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...
SUSE-SU-2023:4329-1 Security update for slurm
This update for slurm fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. bsc1216207...
CVE-2023-22128
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Successful attacks require human...
CVE-2023-20197
A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...
CVE-2023-20197
A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root...
CVE-2023-30945
Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
Input validation
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...
CVE-2023-31472
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...
Command injection
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...
Design/Logic Flaw
In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892...
The vulnerability of the ntfs_read_mft() function in the kernel module fs/ntfs3/inode.c of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ntfsreadmft function in the fs/ntfs3/inode.c file of the Linux kernel is related to the lack of checks for valid attribute sizes. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2021-38203
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service deadlock via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system spaceinfo...
SUSE CVE-2022-3621
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfsbmaplookupatlevel of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is...
Arbitrary File Deletion
github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...
CVE-2022-45103
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system...