Oracle Linux 9 : libreoffice (ELSA-2023-6508)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6508 advisory. - Resolves: rhbz2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Resolves: rhbz2210197 CVE-2023-2255 libreoffice: Remote documents...

PyTorch TorchServe < 0.8.2 SSRF

The remote host contains a torchserve version that is prior to 0.8.2. It is, therefore, affected by a Server Side Request Forgery vulnerability. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the...

GHSA-VCVR-V426-3M3M org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...

org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

CVE-2023-46122

CVE-2023-46122 affects sbt’s IO.unzip and can enable arbitrary file writes when extracting a crafted zip/JAR, with potential to overwrite the root SSH authorized_keys. Within sbt, IO.unzip is used in pullRemoteCache and Resolvers.remote, and many projects call IO.unzip directly. Root cause: archi...

CVE-2023-45685

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...

Fedora 38 : netatalk (2023-cec97f7b5d)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cec97f7b5d advisory. 3.1.18 release Security fix for CVE-2022-22995 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

Slackware Linux 15.0 / current netatalk Vulnerability (SSA:2023-279-01)

The version of netatalk installed on the remote host is prior to 3.1.18. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-279-01 advisory. - The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By...

GHSA-8FXR-QFR9-P34W TorchServe Server-Side Request Forgery vulnerability

Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...

CVE-2023-43654

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

IBM Security Directory Server Directory Traversal Vulnerability

IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines IBM that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A directory traversal vulnerabili...

Design/Logic Flaw

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

CVE-2023-39956 Electron: Out-of-package code execution when launched with arbitrary cwd

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

PT-2023-22925 · Samsung · Samsung Health

Name of the Vulnerable Software and Affected Versions: Samsung Health versions prior to 6.24.2.011 Description: The issue is related to improper input validation, allowing attackers to write arbitrary files with Samsung Health privilege. Recommendations: For versions prior to 6.24.2.011, update t...

CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface

A vulnerability has been discovered in Ivanti Sentry, formerly known as MobileIron Sentry. This vulnerability impacts versions 9.18 and prior. The vulnerability does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM. If exploited, this vulnerability enables an...

Design/Logic Flaw

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

CVE-2023-39957 Path traversal allows tricking the Talk Android app into writing files into it's root directory

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android versi...

CVE-2023-39957

CVE-2023-39957 affects Nextcloud Talk Android prior to 17.0.0, where an unprotected intent allowed malicious apps to trick Talk Android into writing files outside its intended cache directory (path traversal). A fix is available in version 17.0.0; no public workarounds are documented in the provi...