CVE-2022-2560
published 2023-03-29CVE-2022-2560: This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not…
PriorityP277critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
77.69%
99.5th percentile
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enterprisedt | completeftp | — | — |
| enterprisedt | completeftp_server | < 22.1.1 | 22.1.1 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv3.08.2HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5xr5-9vfx-374w: This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22
ghsa_unreviewed·2023-03-29
CVE-2022-2560 [CRITICAL] CWE-22 GHSA-5xr5-9vfx-374w: This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.
Red Hat
kernel: f2fs: fix to do sanity check on total_data_blocks
vendor_redhat·2025-02-26·CVSS 5.5
CVE-2022-49360 [MEDIUM] kernel: f2fs: fix to do sanity check on total_data_blocks
kernel: f2fs: fix to do sanity check on total_data_blocks
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on total_data_blocks
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215916
The kernel message is shown below:
kernel BUG at fs/f2fs/segment.c:2560!
Call Trace:
allocate_segment_by_default+0x228/0x440
f2fs_allocate_data_block+0x13d1/0x31f0
do_write_page+0x18d/0x710
f2fs_outplace_write_data+0x151/0x250
f2fs_do_write_data_page+0xef9/0x1980
move_data_page+0x6af/0xbc0
do_garbage_collect+0x312f/0x46f0
f2fs_gc+0x6b0/0x3bc0
f2fs_balance_fs+0x921/0x2260
f2fs_write_single_data_page+0x16be/0x2370
f2fs_write_cache_pages+0x428/0xd00
f2fs_write_data_pages+0x96e/0xd50
do_writepages+0x168/0x550
__writeback_single_inode+0x9
No detection rules found.
No public exploits indexed.
2023-03-29
Published