CVE-2023-21505

Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices version 2.1.00.36, which originated from allowing arbitrary files to be written i...

CVE-2023-21491

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege...

OPENSUSE-SU-2023:0097-1 Security update for stellarium

This update for stellarium fixes the following issues: - CVE-2023-28371: Fixed arbitrary file write issue. boo1209285...

Security update for stellarium (important)

openSUSE Security Update: Security update for stellarium Announcement ID: openSUSE-SU-2023:0097-1 Rating: important References: 1209285 Cross-References: CVE-2023-28371 CVSS scores: CVE-2023-28371 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

CVE-2023-2273

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

Rapid7 Insight Agent 路径遍历漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.2.6 and earlier versions. An attacker exploiting this vulnerability can write to arbitrary files...

CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization in ClientLogController, when the GetRequestInformation method retrieves the name and version of the client from the HttpContext.User object. Details A Directory Traversal attack als...

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process in file.py which does not ensure relative file paths are escaped allowing an attacker to write arbitrary files outside the expected directory...

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS could allow an attacker to elevate privileges, overwrite arbitrary files, or view sensitive data on an affected device. For more information about these vulnerabilities, see the Details "details" section of...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

PT-2023-14188 · Wacom · Wacom Driver

Name of the Vulnerable Software and Affected Versions: Wacom Driver version 6.3.46-1 Description: The Wacom Driver for Windows contains an arbitrary file write issue via the Wacom Tablet.exe component. This allows for potential malicious activity. Recommendations: For Wacom Driver version 6.3.46-...

CVE-2022-43293

CVE-2022-43293 concerns Wacom Driver 6.3.46-1 for Windows, which contains an arbitrary file write vulnerability via the Wacom_Tablet.exe component. The affected software is the Windows driver; the underlying issue is an arbitrary file write capability, enabling potential manipulation of files by ...