323 matches found
CVE-2023-45897
exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in readfiledentryset...
libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c
A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service...
The vulnerability of the read_file() function in the libeconf library for analyzing and managing configuration files allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the readfile function in the libeconf library for analyzing and managing configuration files is related to the situation where the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures or...
CVE-2023-39130
GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function peas16 at /gdb/coff-pe-read.c...
SUSE CVE-2023-29450
JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...
CVE-2023-26563
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On...
Syncfusion ej2-filemanager-node-filesystem 路径遍历漏洞
Syncfusion ej2-filemanager-node-filesystem is an application from Syncfusion, Inc. Syncfusion ej2-filemanager-node-filesystem has a security vulnerability that stems from filesystem-server.js being vulnerable to a directory traversal attack, which can be exploited by an attacker to list any file ...
CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...
PT-2023-5283 · Libeconf +3 · Libeconf +3
Name of the Vulnerable Software and Affected Versions: libeconf version 0.5.1 Description: The issue is related to a stack overflow vulnerability in the read file function of the libeconf library, which can be exploited by a remote attacker to cause a denial of service or execute arbitrary code...
PT-2023-35698 · Mosquitto · Mosquitto
Name of the Vulnerable Software and Affected Versions: mosquitto affected versions not specified Description: A heap buffer overflow read issue has been identified. The crash occurs in the mosquitto strdup function, which is called by config read file core and config read file. Recommendations: A...
SUSE CVE-2018-16424
A double free when handling responses in readfile in tools/egk-tool.c aka the eGK card tool in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...
SUSE CVE-2019-8980
A memory leak in the kernelreadfile function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service memory consumption by triggering vfsread failures...
SUSE CVE-2021-32549
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32554
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32552
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32553
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32555
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users...
The vulnerability of the ext4_read_file function in the Cboot module of the NVIDIA Jetson computing platform’s driver suite allows a malicious actor to execute arbitrary code, gain elevated privileges, or cause partial service failure.
The vulnerability of the ext4readfile function in the Cboot module of the NVIDIA Jetson computing platform’s driver suite is related to a numerical overflow vulnerability. Exploiting this vulnerability could allow an attacker to execute arbitrary code, gain elevated privileges, or cause partial...
CVE-2022-28195
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4readfile function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of...
CVE-2022-24683
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read arbitrary files on the host filesystem as root...