| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted QCOW2 structure pointing to a sensitive host path. Upon the next VM boot or disk scan, the image format auto-detection parses this header and serves the host file's contents to the guest. Guest-initiated VM reboots are sufficient to trigger a disk scan and do not cause the Cloud Hypervisor process to exit. Therefore, a single VM can perform this attack without needing interaction from the management stack. Successful exploitation requires the backing image to be either writable by the guest or sourced from an untrusted origin. Deployments utilizing only trusted, read-only images are not affected. This issue has been fixed in version 50.1. To workaround, enable land lock sandboxing and restrict process privileges and access. |
| A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed. |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. |
| Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation |
| Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. |
| Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. |
| ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data directory, but only check whether the path exists. The ClearDrag() method calls Directory.Delete(dir, true) on every subdirectory of that path at both application startup and exit. An attacker can craft a malicious shortcut (.lnk) or batch script that launches ADB Explorer with a critical directory (e.g. C:\Users\%USERNAME%\Documents) as the argument, causing permanent recursive deletion of all its subdirectories. Any user who launches ADB Explorer via a crafted shortcut, batch file, or script loses the contents of the targeted directory permanently (deletion bypasses the Recycle Bin). This issue has been fixed in version 0.9.26021. |
| Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. |
| Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
| Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. `/etc/passwd`) as a font data chunk in the `create-font-variant` RPC endpoint, resulting in the file contents being stored and retrievable as a "font" asset. This is an arbitrary file read vulnerability. Any authenticated user with team edit permissions can read arbitrary files accessible to the Penpot backend process on the host filesystem. This can lead to exposure of sensitive system files, application secrets, database credentials, and private keys, potentially enabling further compromise of the server. In containerized deployments, the blast radius may be limited to the container filesystem, but environment variables, mounted secrets, and application configuration are still at risk. Version 2.13.2 contains a patch for the issue. |
| Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. |
