2677 matches found
CVE-2023-35845
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
The vulnerability of the CryptoService function in software for monitoring the status of devices connected to a network allows a hacker to modify arbitrary files.
The vulnerability of the CryptoService function in software for monitoring the status of devices connected to a network, Cisco Duo Device Health, is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to modify...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Advisory ID: KL-001-2023-003 Publication Date: 2023.08.17 Publication URL:...
Dell PowerScale OneFS License Issue Vulnerability (CNVD-2023-64215)
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from an authorization issue vulnerability that stems from incorrect default permissions. An attacker could exploit this vulnerabilit...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component CVE ID:...
CVE-2023-32492
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing the attacker to modify files...
CVE-2023-32492
Dell PowerScale OneFS 9.5.0.x has an incorrect default permissions vulnerability due to a faulty permission model. The issue could allow a low-privileged local attacker to disclose information or modify files. Affected component: OneFS operating system; root cause: incorrect default permissions. ...
Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from an authorization issue vulnerability that stems from incorrect default permissions. An attacker could exploit this vulnerabilit...
The vulnerability of the Manage Journal Entry Template component of the SAP S/4HANA software platform allows a malicious individual to gain access to read, modify, or delete files.
The vulnerability of the Manage Journal Entry Template component of the SAP S/4HANA software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files...
Pleasanter Path Traversal Vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.39.2 and earlier versions, which can be exploited by an attacker to alter arbitrary files on the server...
CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...
CVE-2023-31439
CVE-2023-31439 : Affects systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file so that integrity checking shows no error, despite modifications. The Initial Description notes the vendor replied denying that this finding is a security vulnera...
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
CVE-2023-32540
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system including system files, inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...
CVE-2023-32628
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution...
CVE-2023-32540
Affected product: Advantech WebAccess/SCADA (versions 9.1.3 and prior). The vulnerability is an arbitrary file overwrite in the software that could allow overwriting any OS file, injecting code into an XLS file, and changing file extensions, potentially enabling arbitrary code execution. Impact i...