3 matches found
SUSE CVE-2018-16867
A flaw was found in qemu Media Transfer Protocol MTP before version 3.1.0. A path traversal in the in usbmtpwritedata function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lea...
CVE-2018-16872
A flaw was found in qemu Media Transfer Protocol MTP. The code opening files in usbmtpgetobject and usbmtpgetpartialobject and directories in usbmtpobjectreaddir doesn't consider that the underlying filesystem may have changed since the time lstat2 was called in usbmtpobjectalloc, a classical...
CVE-2018-16867
A flaw was found in qemu Media Transfer Protocol MTP before version 3.1.0. A path traversal in the in usbmtpwritedata function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lea...