1646 matches found
Google TensorFlow Path Traversal Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform from Google. Google TensorFlow suffers from an arbitrary file overwrite vulnerability, which arises when tf.keras.utils.get_file is used with extract=True, and can be exploited by an...
The vulnerability of IBM DB2 database management systems, including IBM DB2 Connect, stems from privilege management errors, allowing attackers to overwrite arbitrary files.
The vulnerability of IBM DB2 database management systems and IBM DB2 Connect is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to overwrite arbitrary files remotely...
[ASA-202106-39] thefuck: arbitrary file overwrite
Arch Linux Security Advisory ASA-202106-39 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-34363 Package : thefuck Type : arbitrary file overwrite Remote : No Link : https://security.archlinux.org/AVG-2062 Summary ======= The package thefuck before...
CVE-2021-23391
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...
PT-2021-3256 · Cisco · Cisco Sd-Wan
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected...
Exim Link Following Vulnerability
Exim is an open source mail transfer agent (MTA) running on Unix systems that routes, forwards and delivers mail. Exim suffers from a security vulnerability that stems from a symbolic link following issue in the Exim log directory. An attacker can exploit the vulnerability to overwri...
PT-2021-2544 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to errors in access control, which could allow an attacker to overwrite arbitrary files or execute arbitrary code. An unauthenticated, remote...
Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...
Cisco IOS XE SD-WAN Software Security Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An arbitrary file overwrite vulnerability exists in the CLI for SD-WAN for Cisco IOS XE. The vulnerability stems from insufficient validation of parameters for specific CLI...
NetApp Cloud Manager Arbitrary File Overwrite Vulnerability
NetApp Cloud Manager is a centralized system for viewing and managing local and cloud storage with support for hybrid, multi-cloud providers and accounts. An arbitrary file overwrite vulnerability exists in NetApp Cloud Manager prior to version 3.9.4. A remote attacker could exploit this...
Netapp NetApp OnCommand Cloud Manager Security Vulnerability
NetApp Cloud Manager is a centralized system for viewing and managing local and cloud storage with support for hybrid, multi-cloud providers and accounts. An arbitrary file overwrite vulnerability exists in NetApp Cloud Manager prior to version 3.9.4. A remote attacker could exploit this...
CVE-2021-21068 Adobe Creative Cloud installer arbitrary file overwrite vulnerability
Adobe Creative Cloud Desktop Application version 5.3 and earlier is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction...
CVE-2021-25833
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2019-25017
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned only directory traversa...
MIT Kerberos Security Vulnerability
MIT Kerberos is software from the Massachusetts Institute of Technology (MIT) for authentication in network clusters. Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications through a key system. A security vulnerability in...
CentOS 8 : icedtea-web (CESA-2019:2004)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2004 advisory. - icedtea-web: unsigned code injection in a signed JAR file CVE-2019-10181 - icedtea-web: path traversal while processing elements of JNLP files result...
CVE-2020-26941
A local authenticated low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation...
The vulnerability lies in the implementation of the PrintData or PrintStats functions in the Keepalived module of the network traffic balancing system. This allows an attacker to overwrite arbitrary files.
The vulnerability in the implementation of the PrintData or PrintStats functions of the network traffic balancing system Keepalived is related to improper link resolution before accessing the file. Exploiting this vulnerability could allow an attacker to overwrite arbitrary files...
Arbitrary File Overwrite
libreoffice is vulnerable to arbitrary file overwrite. Forms allowed to be submitted to any URI could result in local file overwrite...
Unspecified Vulnerability in Apple macOS Catalina System Component
Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in the System component of Apple macOS Catalina prior to version 10.15.3. An attacker can exploit the vulnerability to overwrite arbitrary files...