25 matches found
PT-2026-33229
Summary: goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose or modify unrelated server files. Details: The SFTP...
ibaPDA security vulnerabilities
ibaPDA is an industrial process data acquisition and analysis system developed by the German company iba. There is a security vulnerability in ibaPDA, which allows unauthorized operations on the file system under certain conditions. This vulnerability may affect the confidentiality, integrity, or...
CVE-2025-54547
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...
CVE-2025-54547
CVE-2025-54547 affects Arista DANZ Monitoring Fabric and related platforms where SSH session multiplexing (ControlMaster) is used. The issue allows SSH sessions multiplexed onto the same channel (e.g., scp/sftp) to perform file-system operations after a session timeout, under specific conditions ...
CVE-2025-54547 On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
EUVD-2020-0279
Malware in sbrugna...
EUVD-2013-0676
Malware in sbrugna...
CVE-2025-59016 Information Disclosure via File Abstraction Layer
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...
CVE-2024-3980
Hitachi Energy CVE-2024-3980 affects MicroSCADA Pro/X SYS600 (and related MACH GWS components per ICS/CISA notes). The vulnerability arises from inadequate input validation that lets an authenticated user influence file paths/file names used in filesystem operations, enabling access or modificati...
GHSA-23RX-C3G5-HV9W Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...
SUSE-SU-2022:3674-1 Security update for clone-master-clean-up
This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050). Bugfixes: - Fixed failures to remove btrfs snapshots (bsc#1203651)...
CVE-2022-24897 Arbitrary filesystem write access from Velocity
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
The vulnerability of the Windows Installer installation service on Microsoft Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Installer installation service on Microsoft Windows operating systems is related to improper handling of file system operations. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2020-14057
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments...
Microsoft Windows Installer elevation of privilege vulnerability (CNVD-2021-31220)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices. Microsoft Windows Server is a set of server operating systems. Windows Installer is one of the Windows-based tool components, main...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73132)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in Microsoft Windows and Windows Server, which stems from a...