570 matches found

Debian CVE
added 2022/08/23 12:0 a.m. | 50 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

CVSS 7.8 | AI score 6.6 | EPSS 0.00366
Exploits 0

CVE
added 2022/08/23 12:0 a.m. | 316 views

CVE-2021-23177

CVE-2021-23177 concerns an improper link resolution flaw in libarchive when extracting archives. A crafted archive could trigger changes to the ACL of the link target, potentially allowing a local attacker to modify file ACLs and gain higher privileges. The vulnerability is described across multi...

CVSS 7.8 | AI score 7.6 | EPSS 0.00367
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2022/08/23 12:0 a.m. | 20 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

AI score 8 | EPSS 0.00366
Exploits 0 | References 5

Cvelist
added 2022/08/23 12:0 a.m. | 24 views

CVE-2021-23177

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw...

AI score 7.9 | EPSS 0.00367
Exploits 0 | References 5

Debian CVE
added 2022/08/23 12:0 a.m. | 53 views

CVE-2021-23177

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw...

CVSS 7.8 | AI score 7.7 | EPSS 0.00367
Exploits 0

AlpineLinux
added 2022/08/23 12:0 a.m. | 31 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

CVSS 7.8 | AI score 7.9 | EPSS 0.00366
Exploits 0

OpenVAS
added 2022/07/14 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2022-2027)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.9 | EPSS 0.00367
Exploits 0 | References 2

OpenVAS
added 2022/05/30 12:0 a.m. | 15 views

QNAP QuTS hero Multiple Vulnerabilities (QSA-22-16)

QNAP QuTS hero is prone to multiple vulnerabilities...

CVSS 8.8 | AI score 7 | EPSS 0.01612
Exploits 0 | References 3

OSV
added 2022/05/17 1:57 a.m. | 5 views

GHSA-98C8-36P9-GW66 Openstack DBaaS (Trove) Improper Link Resolution Before File Access

The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...

CVSS 5.5 | AI score 5.2 | EPSS 0.00459
Exploits 0 | References 14

Github Security Blog
added 2022/05/17 1:57 a.m. | 21 views

Openstack DBaaS (Trove) Improper Link Resolution Before File Access

The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...

CVSS 5.5 | AI score 6.8 | EPSS 0.00459
Exploits 0 | References 14 | Affected Software 1

Github Security Blog
added 2022/05/14 2:9 a.m. | 28 views

Improper Link Resolution Before File Access in logilab-commons

The (1) extractkeysfrompdf and (2) fillpdf functions in pdfext.py in logilab-common before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf...

CVSS 4.4 | AI score 6.3 | EPSS 0.0034
Exploits 0 | References 7 | Affected Software 1

OSV
added 2022/05/13 1:11 a.m. | 23 views

GHSA-4GV5-QHVR-36VV Improper Link Resolution Before File Access in pip

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory...

CVSS 6.9 | AI score 8.5 | EPSS 0.00364
Exploits 0 | References 11

NVD
added 2022/05/05 5:15 p.m. | 17 views

CVE-2021-44052

An improper link resolution before file access 'Link Following' vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...

CVSS 8.1 | EPSS 0.01392
Exploits 0 | References 1

Prion
added 2022/05/05 5:15 p.m. | 15 views

Design/Logic Flaw

An improper link resolution before file access 'Link Following' vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...

CVSS 5.5 | AI score 7.9 | EPSS 0.01392
Exploits 0 | References 1 | Affected Software 3

Positive Technologies
added 2022/05/05 12:0 a.m. | 3 views

PT-2022-3428 · Qnap · Quts Hero +2

Name of the Vulnerable Software and Affected Versions: QuTS hero versions prior to h4.5.4.1971 build 20220310; QuTS hero versions prior to h5.0.0.1986 build 20220324; QTS versions prior to 4.2.6 build 20220304; QTS versions prior to 4.3.3.1945 build 20220303; QTS versions prior to 4.3.4.1976 build...

CVSS 8.5 | AI score 7.7 | EPSS 0.01392
Exploits 0 | References 3

Tenable Nessus
added 2022/05/05 12:0 a.m. | 39 views

EulerOS Virtualization 2.9.0 : libarchive (EulerOS-SA-2022-1631)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:
- An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists,...

CVSS 7.8 | AI score 6.7 | EPSS 0.00367
Exploits 0 | References 3

Tenable Nessus
added 2022/05/05 12:0 a.m. | 27 views

EulerOS Virtualization 2.9.1 : libarchive (EulerOS-SA-2022-1608)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:
- An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists,...

CVSS 7.8 | AI score 6.7 | EPSS 0.00367
Exploits 0 | References 3

OpenVAS
added 2022/05/05 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2022-1631)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.9 | EPSS 0.00367
Exploits 0 | References 2

OpenVAS
added 2022/05/05 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2022-1608)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.9 | EPSS 0.00367
Exploits 0 | References 2

OSV
added 2022/05/03 8:15 p.m. | 4 views

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

CVSS 6.7 | AI score 6.7 | EPSS 0.0012
Exploits 0 | References 1