48 matches found
Ivanti Endpoint Manager 安全漏洞
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a privilege issue...
CVE-2025-55013
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...
Linux Distros Unpatched Vulnerability : CVE-2023-6865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have...
CVE-2025-55013
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...
CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...
Mozilla: Potential exposure of uninitialized data in <code>EncryptingOutputStream</code>
The Mozilla Foundation Security Advisory describes this flaw as: EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode...
CVE-2023-6865
EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR 115.6 and Firefox 121...
Paessler PRTG Network Monitor Command Injection Vulnerability
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A command injection vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from command line parameter injection and undocumented debug feature flag...
SUSE CVE-2017-0359
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
SUSE CVE-2020-6490
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...
SUSE CVE-2022-45417
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...
CVE-2022-31004 Potential secrets being logged to disk in CVE Services
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
Virtuozzo Hybrid Infrastructure 4.6 Update 1
This update provides new features, as well as bug fixes and improvements. Vulnerability id: VSTOR-45315 The MDS service may be unstable under a high load condition. Vulnerability id: VSTOR-43126 A deadlock is possible between atomic and non-atomic commands in the iSCSI kernel module. Vulnerabilit...
CVE-2021-33576
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...
chromium-browser: Insufficient data validation in loader
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2020-6490
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2020-6490
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...
CVE-2020-6490
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...
Code injection
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key...
kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...