7208 matches found

Amazon
added 2023/09/25 12:0 a.m. · 2 views

Medium: libreoffice

Issue Overview: A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. CVE-2023-1183 Affected Packages:...

5.5 CVSS · 6.8 AI score · 0.68492 EPSS
Exploits 0
Veracode
added 2023/09/22 11:12 a.m. · 24 views

Path Traversal

NATS nats-server is vulnerable to Path Traversal. The vulnerability is caused by a missing validation check while constructing filenames for account synchronization, which happens in the system account, allowing arbitrary file write as the user running NATS by anyone who can publish arbitrary...

9.8 CVSS · 6.9 AI score · 0.00994 EPSS
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2023/09/22 12:0 a.m. · 31 views

Tenable Nessus < 10.5.5 Multiple Vulnerabilities (TNS-2023-31)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-31 advisory. - A pass-back vulnerability exists where an authenticated, remote attacker with...

6.8 CVSS · 6.2 AI score · 0.00598 EPSS
Exploits 0 · References 4
Tenable Product Security Advisories
added 2023/09/21 2:55 p.m. · 38 views

[R2] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities

R2 Nessus Version 10.5.5 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 09/21/2023 - 10:55 A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251 An arbitrary fil...

4.7 CVSS · 5.1 AI score · 0.00598 EPSS
Exploits 0
OSV
added 2023/09/12 10:15 a.m. · 1 views

DEBIAN-CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

8.8 CVSS · 8.5 AI score · 0.01884 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/09/12 9:12 a.m. · 27 views

CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

8.8 CVSS · 7.5 AI score · 0.01884 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/09/12 2:55 a.m. · 2 views

SUSE CVE-2023-4782

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8 CVSS · 9.3 AI score · 0.0024 EPSS
Exploits 0 · References 3
Zero Day Initiative
added 2023/09/12 12:0 a.m. · 51 views

Microsoft Exchange DumpDataReader Deserialization of Untrusted Data Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the DumpDataReader class. The issue...

6.5 CVSS · 7 AI score · 0.81713 EPSS
Exploits 0 · References 1
Github Security Blog
added 2023/09/08 6:30 p.m. · 48 views

Terraform allows arbitrary file write during the `init` operation

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8 CVSS · 6.9 AI score · 0.0024 EPSS
Exploits 0 · References 6 · Affected Software 1
AlpineLinux
added 2023/09/08 6:15 p.m. · 33 views

CVE-2023-4782

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8 CVSS · 7 AI score · 0.0024 EPSS
Exploits 0
OSV
added 2023/09/08 6:15 p.m. · 14 views

CVE-2023-4782

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8 CVSS · 7.2 AI score
Exploits 0 · References 1
OSV
added 2023/09/08 6:15 p.m. · 4 views

AZL-29705 CVE-2023-4782 affecting package terraform for versions less than 1.3.2-19

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8 CVSS · 7.3 AI score · 0.0024 EPSS
Exploits 0 · References 1
NVD
added 2023/09/08 6:15 p.m. · 12 views

CVE-2023-4782

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8 CVSS · 6.7 AI score · 0.0024 EPSS
Exploits 0 · References 1
Prion
added 2023/09/08 6:15 p.m. · 20 views

Code injection

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

4.3 CVSS · 7.6 AI score · 0.0024 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/08 5:4 p.m. · 11 views

CVE-2023-4782 Terraform Allows Arbitrary File Write During Init Operation

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

6.3 CVSS · 6.8 AI score · 0.0024 EPSS
Exploits 0 · References 1
Cvelist
added 2023/09/08 5:4 p.m. · 37 views

CVE-2023-4782 Terraform Allows Arbitrary File Write During Init Operation

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

6.3 CVSS · 7.8 AI score · 0.0024 EPSS
Exploits 0 · References 1
CVE
added 2023/09/08 5:4 p.m. · 88 views

CVE-2023-4782

CVE-2023-4782 affects Terraform 1.0.8–1.5.6, enabling arbitrary file write during the init operation when running a maliciously crafted configuration. The root cause is within Terraform’s init phase, allowing local file writes with high impact (confidentiality, integrity, availability). The vulne...

7.8 CVSS · 6.6 AI score · 0.0024 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/09/08 12:0 a.m. · 3 views

PT-2023-6893 · Hashicorp · Terraform

Name of the Vulnerable Software and Affected Versions: Terraform versions 1.0.8 through 1.5.6 Description: The issue is related to arbitrary file write during the init operation when run on maliciously crafted Terraform configuration. This is due to incorrect restriction of the directory path nam...

7.8 CVSS · 9.5 AI score · 0.0024 EPSS
Exploits 0 · References 16
NVD
added 2023/09/06 9:15 p.m. · 19 views

CVE-2023-39956

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

6.6 CVSS · 6.7 AI score · 0.00563 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/09/06 8:9 p.m. · 21 views

CVE-2023-39956 Electron: Out-of-package code execution when launched with arbitrary cwd

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

6.1 CVSS · 6.8 AI score · 0.00563 EPSS
Exploits 0 · References 1