Lucene search
K

32 matches found

OSV
OSV
added 2024/07/12 1:55 p.m.18 views

SUSE-SU-2024:2463-1 Security update for squashfs

This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...

8.1CVSS7.7AI score0.0691EPSS
Exploits2References8
OpenVAS
OpenVAS
added 2023/11/28 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2023:4591-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.0691EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/08/09 2:8 a.m.3 views

SUSE CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

7.5CVSS6.6AI score0.00722EPSS
Exploits0References3
OSV
OSV
added 2023/08/07 4:15 a.m.7 views

AZL-34592 CVE-2022-48579 affecting package clamav for versions less than 0.105.2-4

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

7.5CVSS6.8AI score0.00722EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/08/07 4:15 a.m.6 views

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

7.5CVSS6.7AI score0.00722EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1737

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...

7.5CVSS8.7AI score0.00362EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/11/09 6:30 p.m.5 views

gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location...

5.5CVSS7.4AI score0.00639EPSS
Exploits1References4
OSV
OSV
added 2021/08/27 3:15 p.m.7 views

AZL-7463 CVE-2021-40153 affecting package squashfs-tools for versions less than 4.5.1-1

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS6.6AI score0.025EPSS
Exploits1References1
OSV
OSV
added 2021/08/27 3:15 p.m.4 views

ALPINE-CVE-2021-40153

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS6.9AI score0.025EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/02/03 3:35 p.m.37 views

CVE-2019-11251 kubectl cp allows symlink directory traversal

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

4.8CVSS6AI score0.0262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/09/18 12:0 a.m.3 views

PT-2019-5665 · Kubernetes +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.1 through 1.12 Kubernetes versions prior to 1.13.11 Kubernetes versions prior to 1.14.7 Kubernetes versions prior to 1.15.4 Description: The issue is related to the Kubernetes kubectl cp command, which allows an attacker...

7.8CVSS6.6AI score0.83433EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.3 views

PT-2019-6092 · Unknown +9 · Squashfs-Tools +9

Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-1.c component of Squashfs-Tools. This function stores the filename in the directory entry, which is then used by unsquashfs to creat...

8.1CVSS6.5AI score0.0691EPSS
Exploits2References105
Rows per page
Query Builder