
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-58210

Malicious code in bioql PyPI...

8.9 CVSS | 6.6 AI score | 0.00452 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

Aim security vulnerability

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.19.3, which stems from an unvalidated path to the tarfile.extractall function and could lead to arbitrary file extraction and overwriting...

9.1 CVSS | 9.1 AI score | 0.00145 EPSS
Exploits: 1 | References: 1
OSV
added 2024/08/19 5:29 p.m. | 12 views

GHSA-4HH3-VJ32-GR6J Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary: Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

8.6 CVSS | 8.6 AI score | 0.0043 EPSS
Exploits: 1 | References: 4
Github Security Blog
added 2024/08/19 5:29 p.m. | 25 views

Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary: Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

9.8 CVSS | 6.7 AI score | 0.0043 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2024/05/15 4:8 p.m. | 27 views

CVE-2023-5938

CVE-2023-5938 affects Arc versions prior to 1.6.0. The vulnerability arises because multiple functions process archives without validating contained filenames, enabling path traversal via zip slip. An administrator able to supply tampered archives to Arc could cause arbitrary files to be ex...

8.9 CVSS | 7.1 AI score | 0.00452 EPSS
Exploits: 0 | References: 1
Veracode
added 2023/09/06 6:51 a.m. | 27 views

Path Traversal

ZIPFoundation is vulnerable to Path Traversal. The vulnerability is due to the package not validating whether symlinks point to paths outside the extraction directory. This allows an attacker to extract files to any arbitrary location and can also lead to code execution...

7.8 CVSS | 7.3 AI score | 0.00101 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2021/09/06 7:7 a.m. | 15 views

Arbitrary File Extraction

elfinder.netcore is vulnerable to arbitrary file extraction. Lack of secure validation of user-provided data passed to the ExtractAsync method allows an attacker to extract arbitrary files...

9.8 CVSS | 3.8 AI score | 0.00631 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2016/07/30 12:0 a.m. | 15 views

DLA-570-1 kde4libs - security update

Bulletin has no description...

7.5 CVSS | 7.8 AI score | 0.0639 EPSS
Exploits: 1
ICS
added 2016/07/26 12:0 a.m. | 61 views

Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)

OVERVIEW: This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...

10 CVSS | 0.1 AI score | 0.17777 EPSS
Exploits: 0 | References: 44
ICS
added 2016/04/29 6:0 a.m. | 29 views

Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)

OVERVIEW: This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...

10 AI score
Exploits: 0 | References: 10