705 matches found
CVE-2024-55459
An issue in Keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...
CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path or an HTTPS URL to retrieve the custom resourc...
CVE-2024-47151
Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution...
CVE-2024-47151
Honor MagicOS is affected by CVE-2024-47151 due to a file write vulnerability that could lead to code execution on successful exploitation. CNNVD describes the issue in MagicOS and notes a specific affected version: 8.0.0.135. The connected documents provide limited technical detail beyond the ex...
PT-2024-32439 · Honor · Honor Products
Name of the Vulnerable Software and Affected Versions: Honor products (affected versions not specified). Description: The issue concerns a file writing vulnerability in certain Honor products. Successful exploitation of this vulnerability could lead to code execution. Recommendations: At the moment,...
PlexTrac security vulnerability
PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from deserialization of untrusted data in the Runbook module, which allows obje...
USN-7153-1: PHP vulnerability
It was discovered that PHP incorrectly handled long string inputs in two database drivers. An attacker could possibly use this issue to write files in locations they would not normally have access to. CVE-2024-11236...
[SECURITY] [DLA 3968-1] netatalk security update
Debian LTS Advisory DLA-3968-1, https://www.debian.org/lts/security/, Thorsten Alteholz, November 28, 2024, https://wiki.debian.org/LTS ...
Path Traversal
net.sf.mpxj, mpxj is vulnerable to Path Traversal. The vulnerability is due to an incomplete patch for CVE-2020-35460, which still allows the construction of malicious paths to write files to arbitrary locations...
PT-2024-38682 · Unknown · Sensei Mac Cleaner
Name of the Vulnerable Software and Affected Versions: Sensei Mac Cleaner (affected versions not specified). Description: The issue allows an attacker to perform multiple operations as the root user, including arbitrary file deletion and writing, loading and unloading daemons, manipulating file...
PT-2024-10704 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a permissions bypass in DownloadManager.java, allowing for the possible read and write of arbitrary files. This could lead to local...
CVE-2024-45505 Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to versi...
Remote Code Execution (RCE)
github.com/plentico/plenti is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the /postLocal endpoint, which allows an attacker to write arbitrary files to the server when a Plenti user serves their website...
AZL-52452 CVE-2024-0134 affecting package nvidia-container-toolkit for versions less than 1.17.1-1
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...
Directory Traversal
github.com/0xJacky/Nginx-UI is vulnerable to Directory Traversal. The vulnerability is due to insufficient verification of values from the JSON field, allowing the construction of values in the form of ../../, which can lead to arbitrary file writing...
CVE-2024-45731
Summary: CVE-2024-45731 affects Splunk Enterprise for Windows prior to 9.3.1, 9.2.3, and 9.1.6. A low-privileged user (not admin/power roles) could write a file to the Windows system root (default System32 location) when Splunk is installed on a separate drive. Root cause / impact: arbitrary file...
USN-7030-1: py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...