Lucene search
K

301 matches found

Veracode
Veracode
added 2025/05/24 5:43 a.m.7 views

Time-of-check Time-of-use (TOCTOU) Race Condition

github.com/containerd/containerd is a Time-of-check Time-of-use TOCTOU Race Condition. The vulnerability is due to insufficient validation of image contents between the time of verification and the time of use during image unpacking, allowing malicious images to modify the host file system...

9.4CVSS6.5AI score0.00435EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.6 views

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS6.6AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.12 views

CVE-2024-24940

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives...

4.3CVSS6.9AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:1 a.m.6 views

CVE-2023-42523

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security fo...

7.5CVSS7.1AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/20 6:25 p.m.17 views

CVE-2025-47290 Containerd vulnerable to host filesystem access during image unpack

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

9.4CVSS6.4AI score0.00435EPSS
Exploits0References3
CVE
CVE
added 2025/05/20 6:25 p.m.202 views

CVE-2025-47290

CVE-2025-47290 affects containerd v2.1.0, where a TOCTOU flaw during image unpack could allow an attacker to arbitrarily modify the host filesystem. The issue is limited to 2.1.0; 2.1.1 fixes it. Affected guidance: upgrade to containerd 2.1.1+; as a workaround, use only trusted images and restric...

9.4CVSS6.4AI score0.00435EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.3 views

containerd 安全漏洞

containerd is an industry standard container runtime from containerd open source. A security vulnerability exists in containerd version 2.1.0, which stems from a TOCTOU issue in the image unpacking process that could lead to arbitrary modifications to the host filesystem...

9.4CVSS6.5AI score0.00435EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Progress Telerik UI 路径遍历漏洞

Progress Telerik UI is a suite of UI user interface controls for application development from Progress, Inc. A path traversal vulnerability exists in Progress Telerik UI prior to version 2025 Q1, which stems from the fact that the use of improper destination path restrictions could result in the...

9.8CVSS6.5AI score0.0039EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.2 views

PT-2025-7256 · Wavpack · Wavpack

Name of the Vulnerable Software and Affected Versions: Wavpack affected versions not specified Description: The issue is related to a crash caused by a use-of-uninitialized-value error. The crash occurs in the decimate dsd run function, which is called by WavpackUnpackSamples. This suggests a...

6.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:6 a.m.7 views

CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

7.7CVSS6.7AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.2 views

curl 安全漏洞

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.10.5 through 8.11.1, which stems from a buffer overflow that could be exploited by an attacker to cause a buffer overflow when automatically unpacking HTTP responses using...

7.3CVSS6.5AI score0.01218EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.3 views

PT-2024-41143 · 7 Zip · 7-Zip

Name of the Vulnerable Software and Affected Versions: 7-Zip affected versions not specified Description: The issue is related to a flaw in the Mark-of-the-Web protection mechanism of 7-Zip, which can lead to data protection violations. Exploitation of this issue may allow an attacker to execute...

4.3CVSS7.8AI score
Exploits0References1
SUSE Linux
SUSE Linux
added 2024/11/06 10:13 a.m.1 views

Security update for gradle

This update for gradle fixes the following issues: CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location bsc1212931. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.9CVSS9.4AI score0.00528EPSS
Exploits0References4
OSV
OSV
added 2024/11/06 10:13 a.m.6 views

SUSE-SU-2024:3923-1 Security update for gradle

This update for gradle fixes the following issues: - CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location bsc1212931...

8.1CVSS7.2AI score0.00528EPSS
Exploits0References3
OSV
OSV
added 2024/09/18 2:15 p.m.4 views

CVE-2024-31198

Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of10::Port:unpack. This issue affects libfluid: 0.1.0...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.5 views

PT-2024-22100 · Apple · Visionos +6

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions 13.0 through 13.6 iOS versions 17.0 through 17.6 iPadOS versions 17.0 through 17.6 macOS Sonoma versions 14.0 through 14.6 macOS Sequoia versions 15.0 affected versions not specified for visionOS Description: A race...

8.1CVSS5.7AI score0.00499EPSS
Exploits1References47
Cvelist
Cvelist
added 2024/09/10 3:51 p.m.29 views

CVE-2024-45593 Nix affected by unsafe NAR unpacking

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...

9CVSS0.00566EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/09/04 12:0 a.m.295 views

Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens o...

7.4AI score
Exploits0
OSV
OSV
added 2024/08/21 3:28 p.m.27 views

GO-2022-0787 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer in github.com/datacharmer/dbdeployer

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer in github.com/datacharmer/dbdeployer...

6.1CVSS6.2AI score0.01186EPSS
Exploits0References3
OSV
OSV
added 2024/08/19 5:26 p.m.32 views

GO-2024-3073 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking in github.com/hashicorp/nomad

Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking in github.com/hashicorp/nomad. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

5.8CVSS5.4AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder