PT-2023-13427 · Intel · Intel Iris Xe Max Drivers

Name of the Vulnerable Software and Affected Versions: IntelR IrisR Xe MAX drivers for Windows versions prior to 100.0.5.1436v2 Description: The issue is related to an uncaught exception in the IntelR IrisR Xe MAX drivers for Windows, which may allow a privileged user to potentially enable denial...

Intel Iris Xe 安全漏洞

Intel Iris Xe is a display chip integrated inside the central processor from Intel Corporation USA. A security vulnerability exists in Intel Iris Xe MAX drivers versions prior to 100.0.5.1436 v2. An attacker could exploit this vulnerability to cause a denial of service on the system...

Intel Iris Xe 缓冲区错误漏洞

Intel Iris Xe is a display chip integrated inside the central processor from Intel Corporation USA. A security vulnerability exists in Intel Iris Xe MAX drivers prior to version 100.0.5.1474, which originates from a driver out-of-bounds read. An attacker could exploit the vulnerability to cause...

PT-2023-13011 · Intel · Intel Iris Xe Max Drivers

Name of the Vulnerable Software and Affected Versions: IntelR IrisR Xe MAX drivers for Windows versions prior to 100.0.5.1474 Description: The issue is an out-of-bounds read that may allow a privileged user to potentially enable information disclosure via local access. Recommendations: For versio...

SUSE CVE-2021-23772

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

Intel® Iris® Xe MAX Advisory

Summary: Potential security vulnerabilities in the Intel® Iris® Xe MAX drivers for Windows may allow denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-30531 Description: Out-of-bound...

GO-2022-0272 Directory traversal in github.com/kataras/iris and github.com/kataras/iris/v12

The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory. This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames...

PT-2022-17681 · Irisnet · Irisnext

Name of the Vulnerable Software and Affected Versions: IRISNext versions through 9.8.28 Description: The issue allows execution of arbitrary commands on the target server by creating a custom search or editing an existing search of the documents. The search components permit adding BeanShell...

IRIS IrisNext 命令注入漏洞

IRIS IrisNext is a document management solution from IRIS Luxembourg designed to manage, protect and use your company's information. A security vulnerability exists in IRISNext version 9.8.28 and prior versions of the BeanShell component, which originates from a BeanShell component that allows...

Link Following in Iris

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

GHSA-JCXC-RH6W-WF49 Link Following in Iris

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVE-2021-23772

A flaw was found in the Iris Web Framework, where the UploadFormFiles method unsafely handles file names during upload. This flaw allows an attacker to write in arbitrary locations outside the designated target folder...

Directory Traversal

github.com/kataras/iris is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations using UploadFormFiles method in context file due to improper parsing of file paths...

Design/Logic Flaw

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVE-2021-23772 Arbitrary File Write

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVE-2021-23772

CVE-2021-23772 affects all versions of github.com/kataras/iris and iris/v12, due to unsafe handling of filenames in UploadFormFiles that can allow writing to arbitrary locations outside the target folder. Multiple sources (Red Hat, SUSE, OSV, CVE listings) consistently describe a directory-traver...

Iris 后置链接漏洞

Iris is a fast, simple, yet full-featured and very efficient Go web framework. A security vulnerability exists in iris version 12, which stems from the program's insecure handling of filenames during uploads using the UploadFormFiles method could allow an attacker to write to an arbitrary locatio...

Arbitrary File Write

Overview github.com/kataras/iris/v12 is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write t...

Arbitrary File Write

Overview github.com/kataras/iris is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to...

CVE-2021-0121

Improper access control in the installer for some IntelR IrisR Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access...