1231 matches found
GSD-2022-1000045 net/mlx5e: Wrap the tx reporter dump callback to extract the sq
net/mlx5e: Wrap the tx reporter dump callback to extract the sq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.90 by commit...
AZL-8960 CVE-2021-45953 affecting package dnsmasq for versions less than 2.89-1
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name called from hash_questions and fuzz_util.c. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...
Heap overflow
DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in extract_name called from answer_auth and FuzzAuth. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...
Dnsmasq Buffer Error Vulnerability
dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq 2.86 suffers from a buffer error vulnerability that stems from a heap-based buffer overflow in extract_name called from answer_auth and FuzzAuth...
OSV-2021-1658 Null-dereference READ in istio.io/istio/security/pkg/util.ExtractJwtAud
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42142 Crash type: Null-dereference READ Crash state: istio.io/istio/security/pkg/util.ExtractJwtAud...
Directory traversal
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code...
PT-2021-22372 · Octorpki · Octorpki
Name of the Vulnerable Software and Affected Versions: OctoRPKI affected versions not specified Description: The issue allows a repository to create a file that can be written to disk outside the base cache folder due to a failure to escape a URI with a filename containing "..". This could enable...
VulnCheck KEV: CVE-2020-5847
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...
Code injection
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...
CVE-2021-42540 Emerson WirelessHART Gateway
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...
CVE-2021-38394
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted...
Safari Credential Gatherer
This module searches for Safari credentials on a Windows host. Module Options msf use post/windows/gather/credentials/safari msf postsafari show actions ...actions... msf postsafari set ACTION msf postsafari show options ...show and set options... msf postsafari run This module requires Metasploi...
airust (=0.1.6), font (>=0.2.0 <=0.3.2) +6 more potentially affected by CVE-2021-26953 via postscript (>=0.10.1 <=0.11.1)
postscript CARGO version =0.10.1, =0.2.0, =0.0.2, =0.1.0, =0.15.0, =0.1.0, =0.6.3 - text =0.0.4 Source cves: CVE-2021-26953 Source advisory: OSV:GHSA-FHVC-GP6C-H2WX...
OSV-2021-934 Heap-buffer-overflow in extract_addresses
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35865 Crash type: Heap-buffer-overflow WRITE 1 Crash state: extract_addresses FuzzExtractTheAddress fuzz_rfc1035.c...
PT-2021-7713 · Dnsmasq +2 · Dnsmasq +2
Name of the Vulnerable Software and Affected Versions: Dnsmasq affected versions not specified Description: The issue is related to a buffer overflow in the extract_name function of the fuzz_util.c component of the Dnsmasq DNS server. This could allow a remote attacker to access confidential data...
PT-2021-7716 · Dnsmasq +2 · Dnsmasq +2
Name of the Vulnerable Software and Affected Versions: Dnsmasq affected versions not specified Description: The issue is related to a buffer overflow in the extract_name function of the Dnsmasq DNS server. This could allow a remote attacker to access confidential data, compromise its integrity, a...
DEBIAN-CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile...
CVE-2021-35958
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives...
PT-2021-21079 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.1 Description: The issue allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. It's noted that the vendor's position is that...
PT-2021-11424 · Red Hat · Openshift-Clients
Name of the Vulnerable Software and Affected Versions: openshift-clients versions up to and including 4.7.0-202104250659.p0.git.95881af Description: A Zip Slip vulnerability was found in the oc binary where an arbitrary file write is achieved by using a specially crafted raw container image .tar...