1647 matches found

SUSE CVE
added 2023/02/15 3:40 a.m. · 1 view

SUSE CVE-2021-32803

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

CVSS 8.1 · AI score 8 · EPSS 0.07795
Exploits 0 · References 17
Tenable Nessus
added 2022/12/28 12:00 a.m. · 37 views

EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2022-2942)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories ...

CVSS 9.8 · AI score 7.6 · EPSS 0.1593
Exploits 2 · References 3
Positive Technologies
added 2022/12/14 12:00 a.m. · 5 views

PT-2022-27794 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.7.0 Description: An improper limitation of a pathname to a restricted directory was identified, enabling remote code execution. A check was added within Pages to ensure the working directory is clean before...

CVSS 9.8 · AI score 9.8 · EPSS 0.01449
Exploits 0 · References 4
OpenVAS
added 2022/11/30 12:00 a.m. · 26 views

Adobe Creative Cloud Security Update (APSB21-18) - Mac OS X

Adobe Creative cloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:creativecloud";...

CVSS 9.3 · AI score 6.8 · EPSS 0.02467
Exploits 0 · References 2
OpenVAS
added 2022/11/30 12:00 a.m. · 19 views

Adobe Creative Cloud Security Update (APSB21-18) - Windows

Adobe Creative cloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:creativecloud";...

CVSS 9.3 · AI score 6.8 · EPSS 0.02467
Exploits 0 · References 2
Cvelist
added 2022/11/24 6:39 a.m. · 22 views

CVE-2022-44749 Opening workflows from untrusted resources may override arbitrary file system contents

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being...

CVSS 5.5 · AI score 7.6 · EPSS 0.00407
Exploits 0 · References 1
CNNVD
added 2022/11/14 12:00 a.m. · 4 views

Liferay Portal and Liferay DXP Path Traversal Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00857
Exploits 0 · References 5
OSV
added 2022/11/11 11:04 a.m. · 3 views

OESA-2022-2084 nodejs-fstream security update

Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink...

CVSS 7.5 · AI score 8.9 · EPSS 0.02781
Exploits 0 · References 2
BDU FSTEC
added 2022/11/07 12:00 a.m. · 4 views

The vulnerability of the command-line interface (CLI) of microprogramming software for Cisco TelePresence Collaboration Endpoint conference call control devices and Cisco RoomOS operating systems allows a hacker to overwrite arbitrary files.

The vulnerability of the command-line interface (CLI) of microprogramming software for Cisco TelePresence Collaboration Endpoint conference call controllers and Cisco RoomOS operating systems is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to re-recor...

CVSS 4.6 · AI score 7.2 · EPSS 0.00413
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2022/09/28 11:00 p.m. · 3 views

CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

CVSS 6.7 · AI score 6.8 · EPSS 0.00231
Exploits 0 · References 2
Vulnrichment
added 2022/09/23 6:59 p.m. · 6 views

CVE-2022-32807

This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files...

AI score 6.3 · EPSS 0.00685
Exploits 0 · References 3
RedHat Linux
added 2022/09/15 8:54 a.m. · 2 views

Archive_Tar: improper filename sanitization leads to file overwrites

A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

CVSS 7.8 · AI score 5.9 · EPSS 0.84554
Exploits 4 · References 5
ATTACKERKB
added 2022/09/09 3:15 p.m. · 4 views

CVE-2022-36850

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid...

CVSS 4.7 · AI score 5.9 · EPSS 0.00103
Exploits 0 · References 2
Prion
added 2022/09/09 3:15 p.m. · 16 views

Path traversal

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid...

CVSS 1 · AI score 5 · EPSS 0.00103
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/07/20 12:00 a.m. · 4 views

Apple macOS Big Sur Input Validation Error Vulnerability

Apple macOS Big Sur is the 17th major release of macOS, the operating system for Mac computers from Apple (USA). Apple macOS Big Sur has an input validation error vulnerability that may allow an application to overwrite arbitrary files...

CVSS 7.1 · AI score 7 · EPSS 0.00685
Exploits 0 · References 10
RedHat Linux
added 2022/06/28 7:58 a.m. · 5 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286
Exploits 0 · References 6
RedHat Linux
added 2022/06/28 7:58 a.m. · 2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

CVSS 8.6 · AI score 7.4 · EPSS 0.0185
Exploits 0 · References 6
RedHat Linux
added 2022/06/21 12:40 p.m. · 4 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

CVSS 8.6 · AI score 7.4 · EPSS 0.0185
Exploits 0 · References 6
OSV
added 2022/06/10 8:15 p.m. · 1 view

CVE-2022-29094

Dell SupportAssist Client Consumer versions 3.10.4 and versions prior and Dell SupportAssist Client Commercial versions 3.1.1 and versions prior contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files...

CVSS 7.1 · AI score 5.9
Exploits 0 · References 1
CVE
added 2022/06/10 8:05 p.m. · 57 views

CVE-2022-29094

Dell SupportAssist Client (Consumer 3.10.4 and earlier; Commercial 3.1.1 and earlier) contains an arbitrary file deletion/overwrite vulnerability. An authenticated non‑admin user can delete or overwrite arbitrary files on the system. The issue is documented as CVE-2022-29094; CVSS data in the pro...

CVSS 7.1 · AI score 7.1 · EPSS 0.00241
Exploits 0 · References 1 · Affected Software 2