156 matches found
BIT-LIBPHP-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2025-54433
Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...
Bugsink path traversal via event_id in ingestion
Summary In affected versions, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such...
PT-2025-31371
Name of the Vulnerable Software and Affected Versions Bugsink versions 1.4.2 and below Bugsink versions 1.5.0 through 1.5.4 Bugsink versions 1.6.0 through 1.6.3 Bugsink versions 1.7.0 through 1.7.3 Description Bugsink is a self-hosted error tracking service. Ingestion paths construct file locatio...
CBL Mariner 2.0 Security Update: ansible (CVE-2023-5115)
The version of ansible installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5115 advisory. - An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to...
Ubuntu 22.04 LTS / 24.04 LTS : YAML-LibYAML vulnerability (USN-7632-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7632-1 advisory. It was discovered that YAML-LibYAML incorrectly handled certain file names. An attacker could possibly use this issue to overwrite arbitrary files...
GHSA-R546-H3FF-Q585 Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
CVE-2024-23216
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files...
CVE-2023-23436
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file...
CVE-2005-4691
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page...
Apple Xcode Security Update (HT122380)
Apple Xcode is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:xcode"; ifdescription...
CVE-2025-30441
This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files...
CVE-2024-6854
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...
CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
Linux Distros Unpatched Vulnerability : CVE-2022-29154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The serv...
Linux Distros Unpatched Vulnerability : CVE-2023-35936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior...
Linux Distros Unpatched Vulnerability : CVE-2022-1924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a...
Linux Distros Unpatched Vulnerability : CVE-2020-28407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as...
Linux Distros Unpatched Vulnerability : CVE-2017-0901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesyste...
Linux Distros Unpatched Vulnerability : CVE-2018-19044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users...