144 matches found
AMD Secure Processor(ASP) 安全漏洞
AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a security vulnerability that stems from the fact that TOCTOU may allow a physical attacker to write outside of buffer boundaries, which could result in loss of...
tar-utils 路径遍历漏洞
tar-utils is a set of tar utilities from the go-ipfs codebase by the individual developer Whyrusleeping. A path traversal vulnerability exists in tar-utils, which stems from an incorrect path, where an archive file containing a relative file path could result in a file being written or overwritte...
kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
Out of bounds write in TFLite
Impact An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. Patches We have patched t...
ALPINE-CVE-2021-41072
squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...
ALPINE-CVE-2021-40153
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
AZL-7463 CVE-2021-40153 affecting package squashfs-tools for versions less than 4.5.1-1
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
PT-2021-12081 · Github.Com/Whyrusleeping/Tar Utils +3 · Github.Com/Whyrusleeping/Tar-Utils +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...
UBUNTU-CVE-2021-29488
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround,...
PT-2021-16921 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.24 Description: An issue was discovered where extracting a specifically crafted zip package could write files outside of the intended path. Recommendations: For Joomla! versions 3.0.0 through 3.9.24, update ...
Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
PT-2019-6092 · Unknown +9 · Squashfs-Tools +9
Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-1.c component of Squashfs-Tools. This function stores the filename in the directory entry, which is then used by unsquashfs to creat...
PT-2019-11751 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.185 and earlier Jenkins LTS versions 2.176.1 and earlier Description: A path traversal issue allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory. This...
UBUNTU-CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
glusterfs: Files can be renamed outside volume
A flaw was found in RPC request using gfs3renamereq in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume...
Red Hat glusterfs server RPC request processor component reset vulnerability
Red Hat glusterfs server is an open source distributed file system from Red Hat Red Hat. The system is mainly for media streaming , data analysis and other data and bandwidth intensive tasks to create large-scale distributed storage solutions. A security vulnerability exists in the 'gfs3renamereq...
Design/Logic Flaw
A flaw was found in RPC request using gfs3renamereq in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume...
UBUNTU-CVE-2018-10930
A flaw was found in RPC request using gfs3renamereq in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume...
glusterfs: Files can be renamed outside volume
A flaw was found in RPC request using gfs3renamereq in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume...
CVE-2017-14804 package builds could use directory traversal to write outside of target area
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...