15965 matches found
ROS-20250819-12
Vulnerability of configuration management and remote Salt operations execution system is related to incorrect input data validation in the findfile method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories Vulnerability in the Salt...
Linux Distros Unpatched Vulnerability : CVE-2025-53022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While...
GHSA-P7Q8-GRRJ-3M8W Copier's safe template has filesystem write access outside destination path
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...
Copier's safe template has filesystem write access outside destination path
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...
CVE-2025-55293
Meshtastic (vulnerable before 2.6.3) allows crafting NodeInfo packets to overwrite a known node’s publicKey in NodeDB. Attack flow: first send NodeInfo with an empty publicKey to bypass size checks (clears existing key), then send a new key that gets stored. Root cause is improper handling of emp...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55214
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
Meshtastic 授权问题漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...
PT-2025-33669 · Copier · Copier
Name of the Vulnerable Software and Affected Versions: Copier versions 7.1.0 through 9.9.0 Description: Copier, a library and CLI application for rendering project templates, allows for the potential to write files outside the intended destination path when rendering a generated directory structu...
Linux Distros Unpatched Vulnerability : CVE-2018-14681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in kwajdreadheaders in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-1138)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1138 advisory. Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially craft...
CLSA-2025-1755271747 dmidecode: Fix of CVE-2023-30630
CVE-2023-30630: prevent --dump-bin from overwriting local files to address privilege escalation vulnerability...
CVE-2025-55345
Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...
Linux Distros Unpatched Vulnerability : CVE-2024-44973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call doslabfree for kfence object In 782f8906f805 the freeing of kfence...
Linux Distros Unpatched Vulnerability : CVE-2023-53065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpfoutput...
CVE-2024-52964
An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2...
git: Fix of CVE-2025-46835
CVE-2025-46835: fix vulnerability where Git GUI can create and overwrite arbitrary writable files...
CVE-2012-10057
CVE-2012-10057 affects Lattice ispVM System v18.0.2 and is due to a buffer overflow when parsing the version attribute of the ispXCF XML tag in .xcf project files. This local, no-privilege path enables arbitrary code execution when a crafted .xcf is opened. Exploitation code/module exists (e.g., ...