8 matches found
EUVD-2026-42769
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
GHSA-R6QV-FRPC-Q66C Jenkins has a link following vulnerability allows arbitrary file creation
Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...
CVE-2025-69429
Affected product: ORICO NAS CD3510 (versions V1.9.12 and below). Vulnerability: Incorrect Symlink Follow that lets an attacker format a USB drive (ext4), create a symbolic link to the drive’s root, insert it into the NAS, and access the symlink directory mounted on the NAS to leak or tamper with ...
MiracleLinux 9 : rpm-4.16.1.3-27.el9_3 (AXSA:2024-7473:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7473:01 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...
CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE
Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...
CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE
Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the...
CVE-2024-12088
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...