CVE-2020-1904

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...

librepo: missing path validation in repomd.xml may lead to directory traversal

A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...

Arbitrary Files Overwrites

firefox is vulnerable to arbitrary file overwrites. Overwriting Firefox settings is possible if there is an installed malicious file picker application as it allows an attacker to overwrite local files...

The vulnerability of the Secdo security incident investigation software arises from incorrect default access settings, which allow attackers to elevate their privileges and re-write system files.

The vulnerability of the Secdo security incident investigation software is related to incorrect default access settings for the folder C:\Programdata\Secdo\Logs. Exploiting this vulnerability allows an attacker to increase their privileges and overwrite system files...

CVE-2020-13833

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 June 2020...

CVE-2020-13833

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 June 2020...

The vulnerability of the Connected User Experience and Telemetry Service services for Windows operating systems allows a hacker to overwrite files at will.

The vulnerability of the Connected User Experience and Telemetry Service services in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to re-record files at arbitrary locations using a specially created application...

openSUSE Security Update : openssh (openSUSE-2019-1602)

This update for openssh fixes the following issues : Security vulnerabilities addressed : - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816. -...

Medium: openssh

Issue Overview: An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks a...

Updated openssh packages fix security vulnerabilities

Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...

F5 Networks BIG-IP : Appliance mode vulnerability (K46524395)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

SUSE SLES11 Security Update : openssh (SUSE-SU-2019:14030-1)

This update for openssh fixes the following issues : Security vulnerabilities addressed : CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816. CVE-2019-611...

SUSE SLES12 Security Update : openssh (SUSE-SU-2019:0941-1)

This update for openssh fixes the following issues : Security vulnerabilities addressed : CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816. CVE-2019-611...

openSUSE Security Update : openssh (openSUSE-2019-307)

This update for openssh fixes the following issues : Security vulnerabilities addressed : - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816 -...

Arbitrary File Overwrite

libarchive.so is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as sandboxing restrictions can be evaded through hard links with data, causing file overwrites...

Node.js third-party modules: Arbitrary file overwrites in `node-tar`

Background I was looking for vulnerabilities in a different tar library, tar-fs, and discovered a bug that allowed me to overwrite arbitrary files on the host system using its default extraction method. After reporting the bug to the maintainer of tar-fs, Mathias Buus, he realized that node-tar w...

openSUSE Security Update : tomcat (openSUSE-2017-1299)

This update for tomcat fixes the following issues : Security issues fixed : - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. bsc1042910. - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache...

openSUSE Security Update : rubygem-rubyzip (openSUSE-2017-900)

This update for rubygem-rubyzip fixes the following issues : - CVE-2017-5946: A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory boo1027050 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

DLA-729-1 tomcat7 - security update

Bulletin has no description...

Debian DSA-3721-1 : tomcat7 - security update

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...