45 matches found

AstraLinux
added 2026/05/03 11:59 p.m. • 2 views

Astra Linux - vulnerability in libvirt

An improper locking issue was detected in the virStoragePoolLookupByTargetPath API of libvirt. This issue occurs in the storagePoolLookupByTargetPath function, where a locked virStoragePoolObj object is not properly released in case of an ACL permission failure. Clients connecting to the read-writ...

CVSS 6.5 • AI score 6.9 • EPSS 0.00435
Exploits: 0 • References: 2
CNNVD
added 2026/04/10 12:0 a.m. • 2 views

ClearanceKit security vulnerability

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.4-beta-1f46165 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint security event handler only checking the source path for double-path...

CVSS 6.8 • AI score 5.8 • EPSS 0.00017
Exploits: 0 • References: 3
CNNVD
added 2026/04/10 12:0 a.m. • 2 views

goshs security vulnerability

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs from 1.0.7 to 2.0.0-beta.4 contained security vulnerabilities. These vulnerabilities stemmed from the SFTP command rename, which only cleaned up the source path but did not clean up the target path,...

CVSS 7.7 • AI score 7.3 • EPSS 0.00011
Exploits: 1 • References: 3
RedhatCVE
added 2026/03/26 3:6 p.m. • 2 views

CVE-2026-4220

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

CVSS 7.5 • AI score 6.6 • EPSS 0.00057
Exploits: 0 • References: 1
Cvelist
added 2026/03/16 6:2 a.m. • 26 views

CVE-2026-4220 Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

CVSS 7.5 • EPSS 0.00057
Exploits: 0 • References: 4
ATTACKERKB
added 2026/03/16 6:2 a.m. • 2 views

CVE-2026-4220

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

CVSS 7.5 • AI score 5.4 • EPSS 0.00057
Exploits: 0 • References: 4 • Affected Software: 1
CNNVD
added 2026/03/16 12:0 a.m. • 2 views

Tiandy Easy7 Integrated Management Platform code issue vulnerability

Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. The version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a code vulnerability. This vulnerability stems from operations on the parameters...

CVSS 7.5 • AI score 7.3 • EPSS 0.00057
Exploits: 0 • References: 4
CNNVD
added 2026/03/02 12:0 a.m. • 2 views

ZimaOS security vulnerability

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. Version ZimaOS 1.5.2-beta3 contains a security vulnerability, which stems from the API not properly verifying target paths. This could le...

CVSS 9.9 • AI score 5.8 • EPSS 0.00092
Exploits: 2 • References: 1
Cvelist
added 2026/01/23 12:4 a.m. • 29 views

CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS 5.8 • EPSS 0.00016
Exploits: 0 • References: 3
CNNVD
added 2026/01/21 12:0 a.m. • 2 views

Copier security vulnerabilities

Copier is an open-source library used for rendering project templates by Copier. Versions of Copier prior to 9.11.2 contained a security vulnerability. This vulnerability stemmed from the use of symbolic links and certain settings, which could lead to writing into directories outside of the targe...

CVSS 7.1 • AI score 5.8 • EPSS 0.00085
Exploits: 1 • References: 4
EUVD
added 2025/11/20 4:25 p.m. • 3 views

EUVD-2025-198297

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

CVSS 8.3 • AI score 6.3 • EPSS 0.00018
Exploits: 0 • References: 2
CVE
added 2025/11/20 4:25 p.m. • 11 views

CVE-2025-13437

ZX contains a vulnerability (CVE-2025-13437) where, when invoked with --prefer-local=, the CLI creates a symlink ./node_modules to the specified path and a logic error in src/cli.ts (linkNodeModules/cleanup) returns the target path instead of the symlink path. The subsequent cleanup can delete th...

CVSS 8.3 • AI score 6.5 • EPSS 0.00018
Exploits: 0 • References: 1
Positive Technologies
added 2025/11/20 12:0 a.m. • 3 views

PT-2025-47601

Name of the Vulnerable Software and Affected Versions: zx (affected versions not specified). Description: A flaw exists in zx where, when invoked with the --prefer-local option pointing to a specific path, the command-line interface creates a symbolic link named ./node_modules to the specified path’s...

CVSS 8.3 • AI score 6.4 • EPSS 0.00018
Exploits: 0 • References: 5
Tenable Nessus
added 2025/10/07 12:0 a.m. • 2 views

Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-680657)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680657 advisory. An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked...

CVSS 6.5 • AI score 7.1 • EPSS 0.00435
Exploits: 0 • References: 4
EUVD
added 2025/10/03 8:7 p.m. • 1 views

EUVD-2022-7292

Malicious code in bioql PyPI...

CVSS 9.1 • AI score 8.7 • EPSS 0.0048
Exploits: 0 • References: 5
OSV
added 2025/02/12 4:15 p.m. • 2 views

CVE-2025-0332

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 2025.1.211, using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory...

CVSS 9.8 • AI score 5.8 • EPSS 0.00194
Exploits: 0 • References: 1
Vulnrichment
added 2024/06/22 5:0 a.m. • 17 views

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

CVSS 7.2 • AI score 7.2 • EPSS 0.021
Exploits: 1 • References: 2
SUSE CVE
added 2023/02/15 4:0 a.m. • 1 views

SUSE CVE-2020-10703

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path; it was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...

CVSS 6.5 • AI score 7.2 • EPSS 0.00689
Exploits: 1 • References: 7
SUSE CVE
added 2023/02/15 3:48 a.m. • 1 views

SUSE CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

CVSS 6.5 • AI score 8.4 • EPSS 0.00435
Exploits: 0 • References: 9
RedHat Linux
added 2021/11/09 6:27 p.m. • 2 views

libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

CVSS 6.5 • AI score 6.8 • EPSS 0.00435
Exploits: 0 • References: 4