3 matches found
CVE-2026-50162
A flaw was found in oras-go. The file content store, intended to confine writes to a specified working directory, does not properly account for symbolic link symlink traversal. A remote attacker, by providing a specially crafted blob title, could exploit this vulnerability to create files outside...
GO-2021-0099 Zip slip directory exploit in github.com/deislabs/oras
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore content store may result in directory traversal during archive extraction, allowing a malicious archive to write paths to arbitrary paths that the process can write to...
CVE-2011-5096
Stack-based buffer overflow in cstore.exe in the Media Application Server MAS in Avaya Aura Application Server 5300 formerly Nortel Media Application Server 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted csanams parameter in a...