CVE-2023-46253 Remote code execution in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution RCE. Squidex allows users with the squidex.admin.restore...

libreoffice: Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

PT-2023-29933 · Squidex · Squidex

Name of the Vulnerable Software and Affected Versions: Squidex versions affected versions not specified Description: The issue concerns an arbitrary file write vulnerability in the backup restore feature of Squidex, allowing an authenticated attacker with the squidex.admin.restore permission to...

squidex path traversal vulnerability

squidex is a Headless CMS and Content Management Center. A path traversal vulnerability exists in squidex version 7.8.2, which stems from an arbitrary file write vulnerability in the backup restore feature...

Rocky Linux 8 : gzip (RLSA-2022:1537)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1537 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

Rocky Linux 9 : xz (RLSA-2022:4940)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4940 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Rocky Linux 8 : xz (RLSA-2022:4991)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4991 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

RHEL 9 : libreoffice (RHSA-2023:6508)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

Rocky Linux 9 : gzip (RLSA-2022:4582)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4582 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

Rocky Linux 8 : nodejs:10 (RLSA-2020:0579)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0579 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

Design/Logic Flaw

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVE-2023-2621

CVE-2023-2621 affects Hitachi Energy MACH System Software (SSW) via the McFeeder server component. Affected SSW/MACH versions include older branches (e.g., MACH SSW 5.x, 6.x and 7.0.x up to the 7.17.x/7.18.x ranges as cited) where an outdated third‑party archive extraction library enables an auth...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

PT-2023-20541 · Unknown · Mcfeeder Server

Name of the Vulnerable Software and Affected Versions: McFeeder server distributed as part of SSW package affected versions not specified Description: The McFeeder server is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This issue stems from the use of an...

ABUS TVIP Security Vulnerability

ABUS TVIP is a series of video surveillance cameras from the German company ABUS. A security vulnerability exists in ABUS TVIP that stems from the presence of path traversal, which allows an attacker to write to a file to arbitrarily execute code with root privileges...

SUSE CVE-2023-46122

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...