Lucene search
K

1647 matches found

Cvelist
Cvelist
added 2021/09/23 2:30 a.m.19 views

CVE-2021-1612 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...

5.5CVSS6.9AI score0.00242EPSS
Exploits0References1
Prion
Prion
added 2021/09/20 10:15 a.m.18 views

Path traversal

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...

6.4CVSS9.2AI score0.01762EPSS
Exploits2References1Affected Software1
Node.js
Node.js
added 2021/08/31 4:10 p.m.329 views

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within t...

4.4CVSS1.3AI score0.01263EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/08/31 4:5 p.m.1 views

GHSA-9R2W-394V-53QC Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.8AI score0.03286EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/08/31 4:5 p.m.40 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.6CVSS7.3AI score0.03286EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/08/31 4:5 p.m.2 views

GHSA-QQ89-HQ3F-393P Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.7AI score0.0185EPSS
Exploits0References14
OSV
OSV
added 2021/08/31 4:5 p.m.0 views

GHSA-5955-9WPR-37JH Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archiv...

8.2CVSS6.9AI score0.01263EPSS
Exploits0References9
OSV
OSV
added 2021/08/31 4:4 p.m.21 views

GHSA-2H3H-Q99F-3FHC @npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

8.2CVSS6.5AI score0.00576EPSS
Exploits0References6
OSV
OSV
added 2021/08/31 4:3 p.m.34 views

GHSA-GMW6-94GG-2RC2 UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

8.2CVSS6.7AI score0.00553EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/08/25 8:43 p.m.17 views

Arbitrary file overwrite in tar-rs

When unpacking a tarball with the unpackin-family of functions it's intended that only files within the specified directory are able to be written. Tarballs with hard links or symlinks, however, can be used to overwrite any file on the filesystem. Tarballs can contain multiple entries for the sam...

7.5CVSS7.3AI score0.01676EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/08/10 5:15 p.m.4 views

CVE-2020-23172

A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives...

5.5CVSS5.9AI score0.00741EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.4 views

Kuba 路径遍历漏洞

Kuba is a software package. Kuba suffers from a security vulnerability that allows an attacker to overwrite arbitrary files in any directory with a carefully crafted Zip file...

5.5CVSS5.9AI score0.00741EPSS
Exploits1References2
OSV
OSV
added 2021/08/03 7:6 p.m.6 views

GHSA-3JFQ-G458-7QM9 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any...

8.2CVSS6.9AI score0.15014EPSS
Exploits1References8
OSV
OSV
added 2021/08/03 7:0 p.m.4 views

GHSA-R628-MHMH-QJHW Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS6.9AI score0.07795EPSS
Exploits0References12
NVD
NVD
added 2021/07/22 5:15 p.m.16 views

CVE-2020-5370

Dell EMC OpenManage Enterprise OME versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar fi...

7.9CVSS0.01451EPSS
Exploits0References1
OSV
OSV
added 2021/07/22 5:15 p.m.2 views

CVE-2020-5370

Dell EMC OpenManage Enterprise OME versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar fi...

6.8CVSS5.9AI score0.01451EPSS
Exploits0References1
Prion
Prion
added 2021/07/22 5:15 p.m.12 views

Directory traversal

Dell EMC OpenManage Enterprise OME versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar fi...

6CVSS6.6AI score0.01451EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/22 5:0 p.m.16 views

CVE-2020-5370

Dell EMC OpenManage Enterprise OME versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar fi...

7.9CVSS7.5AI score0.01451EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.4 views

NVIDIA GPU Display Driver 后置链接漏洞

NVIDIA GPU Display Driver is a driver software from NVIDIA Corporation for interactive support of graphics card display modules in operating systems. NVIDIA GPU Display Driver for Windows suffers from a backlink vulnerability that originates from a symbolic link in the NVIDIA Control Panel...

7.1CVSS7.2AI score0.0026EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/07/08 12:0 a.m.10 views

The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.

The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...

7.8CVSS7.3AI score0.02267EPSS
Exploits0References5Affected Software3
Rows per page
Query Builder