For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. This could lead to important files being overwritten anywhere the Gradle process has write permissions. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. Gradle is a build tool with a focus on build automation and support for multi-language development. It is not clear whether a fix exists.Īrtifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). The namespace of this custom resource would be user's control and may have permission to correct it. The charging interface may expose resource information. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). Sealos is a Cloud Operating System designed for managing cloud-native applications. In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. Successful exploitation of this vulnerability may affect some wireless projection features. Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. Format string vulnerability in the distributed file system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |