
1646 matches found

CNVD
added 2020/11/05 12:0 a.m. | 2 views

Cisco SD-WAN vManage Elevation of Privilege Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An elevation of privilege vulnerability exists in the System File Transfer feature of Cisco SD-WAN vManage. The vulnerability stems from improper validation of the path input to the System...

CVSS 7.8 | AI score 7.2 | EPSS 0.00185
Exploits 0 | References 1

RedHat Linux
added 2020/11/04 12:53 a.m. | 1 view

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 7.5 | AI score 7.6 | EPSS 0.03028
Exploits 1 | References 4

CNVD
added 2020/10/25 12:0 a.m. | 1 view

Apple OS X libxpc Arbitrary File Overwrite Vulnerability

Apple OS X is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in OS X libxpc due to a product design flaw that does not restrict file uploads, which allows malicious applications to overwrite arbitrary files. No details of the vulnerability are...

CVSS 7.1 | AI score 6.7 | EPSS 0.00941
Exploits 0 | References 1

NVD
added 2020/10/22 7:15 p.m. | 17 views

CVE-2020-9994

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files...

CVSS 7.1 | EPSS 0.00941
Exploits 0 | References 4

OSV
added 2020/10/22 7:15 p.m. | 0 views

CVE-2020-9994

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files...

CVSS 7.1 | AI score 7.2 | EPSS 0.00941
Exploits 0 | References 4

RedHat Linux
added 2020/10/20 4:3 p.m. | 3 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 7.5 | AI score 7.6 | EPSS 0.03028
Exploits 1 | References 4

RedHat Linux
added 2020/10/19 6:8 p.m. | 0 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 7.5 | AI score 7.6 | EPSS 0.03028
Exploits 1 | References 4

CVE
added 2020/10/08 4:20 a.m. | 74 views

CVE-2020-3597

Cisco Nexus Data Broker Software is affected by CVE-2020-3597. A path traversal vulnerability exists in the configuration restore feature due to insufficient validation of configuration backup files. An unauthenticated, remote attacker could trick an administrator into restoring a crafted backup ...

CVSS 5.8 | AI score 5.5 | EPSS 0.01408
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/09/24 5:52 p.m. | 25 views

CVE-2020-3476 Cisco IOS XE Software Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...

CVSS 4.4 | AI score 6 | EPSS 0.00269
Exploits 0 | References 1

Prion
added 2020/09/22 6:15 p.m. | 14 views

Path traversal

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...

CVSS 9 | AI score 7 | EPSS 0.01864
Exploits 1 | References 2 | Affected Software 1

RedhatCVE
added 2020/09/07 2:21 p.m. | 63 views

CVE-2019-20916

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 8 | AI score 5.4 | EPSS 0.03028
Exploits 1 | References 3

Veracode
added 2020/09/03 4:31 a.m. | 8 views

Arbitrary File Overwrite

decompress-zip is vulnerable to arbitrary file overwrite. The vulnerability exists because it does not verify that extracted files stay within the extraction root directory...

AI score 3.5
Exploits 0

Tenable Nessus
added 2020/08/28 12:0 a.m. | 53 views

Oracle Linux 8 : nodejs:10 (ELSA-2020-0579)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0579 advisory. - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 Tenable has extracted the precedi...

CVSS 9.8 | AI score 7.6 | EPSS 0.58373
Exploits 2 | References 7

Cvelist
added 2020/08/26 4:16 p.m. | 15 views

CVE-2020-3440 Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...

CVSS 6.5 | AI score 6.7 | EPSS 0.0262
Exploits 0 | References 1

Vulnrichment
added 2020/08/26 4:16 p.m. | 5 views

CVE-2020-3440 Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...

CVSS 6.5 | AI score 7.1 | EPSS 0.0262
Exploits 0 | References 1

Tenable Nessus
added 2020/08/25 12:0 a.m. | 34 views

Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite (cisco-sa-webex-desktop-app-OVSfpVMj)

According to its self-reported version, Cisco Webex Meetings Desktop App for Windows is affected by a vulnerability due to improper validation of URL parameters that are sent from a website to the affected application. An unauthenticated, remote attacker can exploit this, by persuading a user to...

CVSS 6.5 | AI score 6.7 | EPSS 0.0262
Exploits 0 | References 3

CNVD
added 2020/08/20 12:0 a.m. | 3 views

Cisco Webex Meetings Desktop App Path Traversal Vulnerability

Cisco Webex Meetings Desktop App and Cisco Webex Meetings are both products of Cisco, Inc. Cisco Webex Meetings Desktop App is a video conferencing control application for use in a desktop environment. Cisco Webex Meetings is a video conferencing solution. A path traversal vulnerability exists in...

CVSS 6.5 | AI score 7 | EPSS 0.0262
Exploits 0 | References 1

Cisco
added 2020/08/19 4:0 p.m. | 25 views

Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...

CVSS 6.5 | AI score 6.7 | EPSS 0.0262
Exploits 0 | References 1

CNVD
added 2020/08/12 12:0 a.m. | 5 views

IBM QRadar Improper Access Control Vulnerability

IBM QRadar is an enterprise security information and event management (SIEM) product that detects anomalies, finds advanced threats, and eliminates false positives. A security vulnerability exists in IBM QRadar WinCollect versions 7.2.0 through 7.2.9 that stems from WinCollect failing to install...

CVSS 8.1 | AI score 6.7 | EPSS 0.01506
Exploits 0 | References 1

OSV
added 2020/08/11 12:15 p.m. | 5 views

CVE-2020-4486

IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861...

CVSS 8.1 | AI score 7.4 | EPSS 0.01506
Exploits 0 | References 2