Lucene search

1646 matches found

UbuntuCve
added 2018/02/23 9:29 p.m. · 23 views

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVSS 9.1 · AI score 7.3 · EPSS 0.02065
Exploits 0 · References 2
OSV
added 2018/02/23 9:29 p.m. · 2 views

DEBIAN-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVSS 9.1 · AI score 7.2 · EPSS 0.02065
Exploits 0 · References 1
OSV
added 2018/02/23 9:29 p.m. · 2 views

UBUNTU-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVSS 9.1 · AI score 7.4 · EPSS 0.02065
Exploits 0 · References 3
Positive Technologies
added 2018/02/23 12:0 a.m. · 2 views

PT-2018-18074 · Dan Bloomberg +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4
Description: The issue allows local users to potentially overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, due to the use of hardcoded /tmp...

CVSS 9.8 · AI score 6.8 · EPSS 0.03798
Exploits 3 · References 32
CVE
added 2018/02/23 12:0 a.m. · 85 views

CVE-2018-7442

CVE-2018-7442 affects Leptonica up to 1.75.3 where gplotMakeOutput does not block '/' in the gplot rootname, enabling path traversal and arbitrary file overwrite. The vulnerability is reachable remotely (CVSS says NETWORK) with no authentication required and no user interaction. Impact per source...

CVSS 9.1 · AI score 7.5 · EPSS 0.02065
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2018/02/23 12:0 a.m. · 34 views

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

AI score 7.7 · EPSS 0.02065
Exploits 0 · References 2
Debian CVE
added 2018/02/23 12:0 a.m. · 28 views

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVSS 9.1 · AI score 9.2 · EPSS 0.02065
Exploits 0
Positive Technologies
added 2018/02/23 12:0 a.m. · 3 views

PT-2018-18075 · Dan Bloomberg +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4
Description: An issue was discovered where the gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVSS 9.8 · AI score 6.6 · EPSS 0.03798
Exploits 3 · References 38
Prion
added 2018/02/08 6:29 p.m. · 13 views

Design/Logic Flaw

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw...

CVSS 8.5 · AI score 8 · EPSS 0.05029
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2018/02/08 7:29 a.m. · 3 views

CVE-2018-0122

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

CVSS 6.6 · AI score 5.9 · EPSS 0.00376
Exploits 0 · References 4
OSV
added 2018/02/01 1:25 p.m. · 3 views

USN-3555-1 w3m vulnerabilities

It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...

CVSS 7.5 · AI score 6.8 · EPSS 0.04475
Exploits 2 · References 4
CNVD
added 2018/01/25 12:0 a.m. · 4 views

w3m Arbitrary File Overwrite Vulnerability

w3m is an open source text-based Web browser. A security vulnerability exists in w3m 0.5.3 and earlier versions, which stems from the program failing to properly handle temporary files. A local attacker can exploit this vulnerability by performing a symbolic link attack to overwrite arbitrary...

CVSS 4.7 · AI score 6.6 · EPSS 0.00402
Exploits 0 · References 1
UbuntuCve
added 2018/01/24 12:0 a.m. · 25 views

CVE-2018-6198

w3m through 0.5.3 does not properly handle temporary files when the /.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files...

CVSS 4.7 · AI score 6.8 · EPSS 0.00402
Exploits 0 · References 6
OSV
added 2018/01/23 1:29 a.m. · 4 views

CVE-2017-16598

This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...

CVSS 8.8 · AI score 6 · EPSS 0.04202
Exploits 0 · References 1
OSV
added 2018/01/23 1:29 a.m. · 3 views

CVE-2017-16601

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 6.5 · AI score 5.9 · EPSS 0.02307
Exploits 0 · References 1
CNVD
added 2018/01/03 12:0 a.m. · 1 views

Syncthing Symbolic Link Traversal Vulnerability

Syncthing is an open source continuous file synchronization program. A security vulnerability exists in Syncthing 0.14.33 and earlier versions. An attacker can exploit the vulnerability to overwrite arbitrary files...

CVSS 7.5 · AI score 7 · EPSS 0.01509
Exploits 0 · References 1
Prion
added 2018/01/02 7:29 p.m. · 18 views

Design/Logic Flaw

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

CVSS 6.4 · AI score 7.5 · EPSS 0.01509
Exploits 0 · References 1 · Affected Software 1
NVD
added 2018/01/02 7:29 p.m. · 15 views

CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

CVSS 7.5 · AI score 7.5 · EPSS 0.01509
Exploits 0 · References 1
OSV
added 2018/01/02 7:29 p.m. · 1 views

UBUNTU-CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

CVSS 7.5 · AI score 7.2 · EPSS 0.01509
Exploits 0 · References 3
OSV
added 2018/01/02 7:29 p.m. · 28 views

CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

CVSS 7.5 · AI score 7.8
Exploits 0 · References 1