2667 matches found
CVE-2022-27152
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification...
CVE-2022-27152
CVE-2022-27152 affects RokuOS on devices using a Realtek WiFi chip with RokuOS 9.4.0 build 4200 or earlier. The vulnerability enables arbitrary file modification. The available connected sources indicate the affected platform and version range; no explicit root cause details are provided in the d...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:0822-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0822-1 advisory. - An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable...
Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox...
Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability
Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" CVE-2022-0847,...
PT-2022-6571 · Icl · Icl Scadaflex Ii Scada Controller Sc-1 +1
Name of the Vulnerable Software and Affected Versions: ICL ScadaFlex II SCADA Controller SC-1 and SC-2 version 1.03.07 Description: The issue is related to the lack of an authentication procedure, allowing unauthenticated remote attackers to overwrite, delete, or create files on the device. This...
CVE-2022-24671
A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on...
CVE-2022-24671
CVE-2022-24671 is a local privilege-escalation vulnerability in Trend Micro Antivirus for Mac. The flaw resides in the post-update handling (program_after_update) where an attacker can abuse symbolic links to modify a file during the update process, enabling privilege escalation to root if low-pr...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
#!/usr/bin/env python3 # -*- coding: utf-8 -*- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page: http://www.iclinks.com Product datasheet:...
ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification Exploit
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability. #!/usr/bin/env python3 -...
CVE-2022-24312
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...
The vulnerability of operating systems iPadOS, watchOS, iOS, tvOS, and Mac OS, related to security configuration errors, allows attackers to modify arbitrary files.
The vulnerabilities of operating systems iPadOS, watchOS, iOS, tvOS, and Mac OS are related to security configuration errors. Exploiting these vulnerabilities can allow attackers to modify arbitrary files...
CVE-2022-22789 Charactell - FormStorm Enterprise Account Take Over
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) the passwords file for all the users. The xxusers.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing existi...
The vulnerability of the Platinum Host Service (PtSvcHost.exe) implementation of Trend Micro Security’s antivirus protection allows a perpetrator to modify arbitrary files or cause service failures.
The vulnerability of the Platinum Host Service PtSvcHost.exe implementation of Trend Micro Security antivirus software is related to errors in handling symbolic links. Exploiting this vulnerability can allow an attacker to modify arbitrary files or cause service failures...
The vulnerability of the Crash Reporter component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows a hacker to modify any files they desire.
The vulnerability of the Crash Reporter component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify arbitrary files...
CVE-2021-44023
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security Consumer 2021 family of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service...
CVE-2021-29678
CVE-2021-29678 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5. A user with DBADM authority could access other databases and read or modify files, indicating an information disclosure vulnerability. The connected IBM bulletins en...
CVE-2021-43772
Trend Micro Security 2021 v17.0 Consumer contains a vulnerability that allows files inside the protected folder to be modified without any detection...