
704 matches found

OSV
added 2022/05/26 6:15 p.m., 3 views

CVE-2022-26688

An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files...

CVSS 4.4, AI score 7.1, EPSS 0.00431
Exploits: 0, References: 3
CNNVD
added 2022/05/26 12:00 a.m., 4 views

Apple macOS Monterey link following vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.3. An attacker has exploited the vulnerability to modify the contents of system files...

CVSS 4.9, AI score 6, EPSS 0.00431
Exploits: 0, References: 4
Github Security Blog
added 2022/05/24 4:44 p.m., 22 views

LXD vulnerable to Race Condition

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...

CVSS 8.1, AI score 7.7, EPSS 0.00896
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/04/28 3:15 p.m., 1 view

CVE-2022-22782

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local...

CVSS 7.1, AI score 7.3, EPSS 0.0037
Exploits: 0, References: 1
CNNVD
added 2022/04/28 12:00 a.m., 3 views

ZOOM Rooms security vulnerability

ZOOM Rooms is a software-based conferencing system from ZOOM USA that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. Zoom Rooms suffers from a security vulnerability that stems from being susceptible to local privilege escalation issues duri...

CVSS 7.9, AI score 7.3, EPSS 0.0037
Exploits: 0, References: 2
CNNVD
added 2022/04/20 12:00 a.m., 4 views

Cisco Unified Communications Manager security vulnerability

Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. Cisco Unified CM and Unified CM SME are vulnerable to an...

CVSS 8.5, AI score 5.8, EPSS 0.013
Exploits: 0, References: 5
CNVD
added 2022/04/08 12:00 a.m., 12 views

ASUS RT-AX56U update_json function path traversal vulnerability

The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A path traversal vulnerability exists in the ASUS RT-AX56U update_json function due to insufficient filtering of special characters in URL parameters. An attacker can exploit the vulnerability to cause a service interruption by...

CVSS 8.1, AI score 6.7, EPSS 0.00472
Exploits: 0, References: 1
OSV
added 2022/04/07 7:15 p.m., 1 view

CVE-2022-23970

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

CVSS 8.1, AI score 5.8
Exploits: 0, References: 1
NVD
added 2022/04/07 7:15 p.m., 13 views

CVE-2022-23970

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

CVSS 8.1, EPSS 0.00472
Exploits: 0, References: 1
NVD
added 2022/04/07 7:15 p.m., 11 views

CVE-2022-23971

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

CVSS 8.1, EPSS 0.00472
Exploits: 0, References: 1
Prion
added 2022/04/07 7:15 p.m., 10 views

Path traversal

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

CVSS 4.8, AI score 8, EPSS 0.00472
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2022/04/07 7:15 p.m., 15 views

Path traversal

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

CVSS 4.8, AI score 8, EPSS 0.00472
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/04/07 6:22 p.m., 88 views

CVE-2022-23970

The CVE-2022-23970 entry concerns the ASUS RT-AX56U router. A path traversal flaw exists in the update_json function due to insufficient filtering of special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same filena...

CVSS 8.1, AI score 8.1, EPSS 0.00472
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/04/07 6:22 p.m., 21 views

CVE-2022-23970 ASUS RT-AX56U - Path Traversal

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

CVSS 8.1, AI score 8.3, EPSS 0.00472
Exploits: 0, References: 1
CNNVD
added 2022/04/07 12:00 a.m., 4 views

ASUS RT-AX56U path traversal vulnerability

The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A path traversal vulnerability exists in the ASUS RT-AX56U update_json function due to insufficient filtering of special characters in URL parameters. An attacker can exploit the vulnerability to cause a service interruption by...

CVSS 8.1, AI score 5.7, EPSS 0.00472
Exploits: 0, References: 2
VulnCheck KEV
added 2022/03/24 12:00 a.m., 3 views

VulnCheck KEV: CVE-2019-1385

A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files...

CVSS 7.8, AI score 6.9, EPSS 0.03595
Exploits: 4, References: 1
CVE
added 2022/03/04 9:20 p.m., 97 views

CVE-2021-32008

The CVE-2021-32008 entry affects Secomea GateManager, versions 9.6.621421014 and earlier. The root cause is an improper limitation of a pathname to restricted directories, enabling a logged-in GateManager administrator to delete system files or directories. The connected sources confirm the affec...

CVSS 9.9, AI score 8.6, EPSS 0.00958
Exploits: 0, References: 1, Affected Software: 1
Github Security Blog
added 2022/02/12 12:14 a.m., 68 views

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer

Impact: Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such a scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defences. Mitigating factors: For the...

CVSS 6.1, AI score 5.9, EPSS 0.01186
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/02/11 6:15 p.m., 1 view

CVE-2022-23426

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege...

CVSS 6, AI score 5.8, EPSS 0.00103
Exploits: 0, References: 1
ATTACKERKB
added 2022/02/11 6:15 p.m., 4 views

CVE-2022-23426

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege...

CVSS 6, AI score 6.3, EPSS 0.00103
Exploits: 0, References: 2