11 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-6297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documente...
CVE-2024-13640
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in...
CVE-2022-22795 Signiant - Manager+Agents XML External Entity (XXE)
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine. An attacker can read all the system files; the product runs as root on Linux systems and nt/authority on Windows systems, which allows him to access and extract any file on the systems, such...
ALSA-2021:4316 Low: zziplib security update
The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: infinite loop via the return value of zzip_file_read as used in unzzip_cat_file (CVE-2020-18442). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
Updated gnome-autoar packages fix security vulnerability
Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution (CVE-2020-36241)...
CVE-2020-10277
There is no mechanism in place to prevent a bad operator from booting from a live OS image; this can lead to extraction of sensitive files such as the shadow file, or to privilege escalation by manually adding a new user with sudo privileges on the machine...
CVE-2017-0305
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature...
DLA-341-1 php5 - security update
Bulletin has no description...
Files extracted during updates are not always read only — Mozilla
Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local syst...
Fedora Update for cabextract FEDORA-2010-14722
Check for the Version of cabextract OpenVAS Vulnerability Test Fedora Update for cabextract FEDORA-2010-14722 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
[SECURITY] Fedora 9 Update: chmsee-1.0.1-8.fc9
A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...