Astra Linux – Vulnerability in Git
Git GUI allows you to use Git source control management tools through a graphical interface. When a user clones an untrusted repository and is tricked into editing a file located in a directory with a malicious name in the repository, Git GUI can create and overwrite files for which the user has...
TencentOS Server 3: rsync (TSSA-2022:0153)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0153 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-36631
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege...
CVE-2025-36506
External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data...
Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
GHSA-R546-H3FF-Q585 Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
CVE-2025-36506
CVE-2025-36506 affects Ricoh Streamline NX V3 PC Client, versions 3.5.0 to 3.242.0. The issue is an external control of file name or path (CWE-73) that allows a crafted request to overwrite arbitrary files in the filesystem with log data. Exploitation details are not provided beyond the vulnerabi...
Multiple vulnerabilities in RICOH Streamline NX PC Client
Overview: RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path (CWE-73) - CVE-2025-36506; Path traversal (CWE-22) - CVE-2025-46783; Use of less trusted source (CWE-348) - CVE-2025-48825. Ricoh Company, Ltd...
CVE-2025-22241 salt advisory
File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
RICOH Streamline NX V3 PC Client Security Vulnerability
RICOH Streamline NX V3 PC Client is a complete solution from Ricoh (Japan) for large-scale, integrated management of devices. A security vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 through 3.242.0, which originates from external control of a file name or path, and cou...
PT-2025-25418 · Tenable · Tenable Agent
Name of the Vulnerable Software and Affected Versions: Tenable Agent versions prior to 10.8.5. Description: A non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege on a Windows host. Recommendations: For Tenable Agent versions prior to 10.8.5,...
[R1] Nessus Agent Version 10.8.5 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 06/12/2025 - 09:53. 1. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. -...
Directory Traversal
tar-fs is vulnerable to directory traversal. The vulnerability is due to improper path validation during tarball extraction, allowing attackers to write files outside the target directory and potentially overwrite system files or inject malicious content...
CVE-2025-49162
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...
SUSE: Security Advisory (SUSE-SU-2024:4295-1)
The remote host is missing an update for the...
PT-2025-23559 · Unknown +1 · Kreatv Sdk +1
Name of the Vulnerable Software and Affected Versions: Arris VIP1113 devices with KreaTV SDK through 2025-05-30. Description: The issue allows file overwrite via TFTP because a remote filename with a space character enables an attacker to control the local filename. Recommendations: For Arris...