11 matches found
Astra Linux - уязвимость в firefox
“EncryptingOutputStream” was vulnerable to exposing uninitialized data. This issue could only be exploited by writing data to a local disk, which may have implications for private browsing mode. This vulnerability affects Firefox ESR 115.6 and Firefox 121...
EUVD-2026-14561
OpenClaw before 2026.3.2 contains a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory via parent-directory symlink rebind between path validation and file write operations. Attackers can exploit the gap between...
CVE-2026-32054 OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
CVE-2026-27670
OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...
CVE-2026-27670
OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...
PT-2026-21675
Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.62.0 Description An out of bounds read issue exists in the grpcfuse kernel module within the Linux VM used by Docker Desktop for Windows, Linux, and macOS. This could allow a local attacker to potentially cau...
Rocket TRUfusion Enterprise 安全漏洞
Rocket TRUfusion Enterprise is a product lifecycle management platform developed by the American company Rocket. Versions of Rocket TRUfusion Enterprise 7.10.5 and earlier contain security vulnerabilities. These vulnerabilities stem from improper cleaning of the jobDirectory parameter, which may...
IBM App Connect Enterprise Certified Container 安全漏洞
IBM App Connect Enterprise Certified Container is an image of the IBM App Connect Enterprise software product based on the International Business Machines IBM, Inc. The package is provided as an executable file that can be deployed and run in a containerized environment. A security vulnerability...
DEBIAN-CVE-2023-6865
EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR 115.6 and Firefox 121...
OESA-2023-1337 cpio security update
GNU cpio copies files into or out of a cpio or tar archive.The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...
CVE-2022-23922
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed...