Vulnerabilities (CVE)

Filtered by CWE-61
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0134 2 Linux, Nvidia 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator 2024-11-08 N/A 4.1 MEDIUM
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
CVE-2024-39578 1 Dell 1 Powerscale Onefs 2024-09-03 N/A 6.3 MEDIUM
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
CVE-2024-42367 2024-08-12 N/A 4.8 MEDIUM
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants are symbolic links. The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing the `Path.stat()` and `Path.open()` to send the file. Version 3.10.2 contains a patch for the issue.