390 matches found
SUSE CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
Enlightenment 0.25.3 Privilege Escalation
Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
UBUNTU-CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
Ubuntu 20.04 LTS / 22.04 LTS : Pillow vulnerabilities (USN-5777-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5777-1 advisory. It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains spaces. An...
DEBIAN-CVE-2022-40299
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathname...
PT-2022-25335 · Singular +1 · Singular +1
Name of the Vulnerable Software and Affected Versions: Singular versions prior to 4.3.1 Description: The issue is related to the use of predictable /tmp pathnames in files such as sdb.cc within the Singular interface. This predictability allows local users to gain the privileges of other users vi...
CVE-2022-39838
Systematic FIX Adapter ALFAFX 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames...
Path traversal
Systematic FIX Adapter ALFAFX 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames...
EulerOS Virtualization 2.10.0 : python-pillow (EulerOS-SA-2022-2037)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - path_getbbox in path.c ...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-2037)
The remote host is missing an update for the Huawei EulerOS...
Pallets Werkzeug vulnerable to Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names such as C: in Windows pathnames...
GHSA-CR78-RPHW-W73P Moodle Arbitrary File Read via Backup Functionality
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration...
CVE-2022-24303
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...
ALPINE-CVE-2022-24303
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...
DEBIAN-CVE-2022-24303
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...