The vulnerability of the application deployment automation tool in Kubernetes ArgoCD, related to writing beyond the buffer in memory, allows a malicious actor to write or modify any YAML file.

The vulnerability of the Kubernetes ArgoCD application deployment automation tool relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to write or modify any YAML file...

GHSA-Q874-G24W-4Q9G Jupyter server Token bruteforcing

Affects: Notebook and Lab between 6.4.0?potentially earlier and 6.4.11 currently latest. Jupyter Server =1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well. Description: If notebook server is started with a value of rootdir that contains th...

Jupyter Server 安全漏洞

Jupyter Server is a Jupyter community application used to provide back-end services for Jupyter web applications. A security vulnerability exists in Jupyter Server versions prior to 1.17.1. An attacker could exploit this vulnerability to disclose access tokens to a malicious third party and modif...

MGASA-2022-0216 Updated webmin packages fix security vulnerability

Less privileged Webmin users excluding those created by Virtualmin and Cloudmin can modify arbitrary files with root privileges, and so run commands as root CVE-2022-30708...

The vulnerability of the CLI component of Cisco SD-WAN microprogramming software allows a hacker to enhance their privileges.

The vulnerability of the CLI component of Cisco SD-WAN microprogramming software is related to access control deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges by modifying certain files on the vulnerable device...

CVE-2022-26688

An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files...

Apple macOS Monterey 后置链接漏洞

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.3. An attacker has exploited the vulnerability to modify the contents of system files...

Improper Privilege Management in Spring Framework

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

GHSA-6VC8-3XF2-QRXX Magento 2 Community Edition RCE Vulnerability

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

GHSA-3H69-4FRW-G2JM Magento 2 Community Unrestricted File Upload

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal o...

GHSA-R7C8-HGHC-2MP8 Apache Tomcat Allows Replacing of XML Parser

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted application that is loaded earlier than the targ...

Apache Tomcat Allows Replacing of XML Parser

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted application that is loaded earlier than the targ...

GHSA-5PJJ-7M4P-WFH2 ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...

ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...

Fidelis Network Deception 安全漏洞

Fidelis Network Deception is a security product from Fidelis USA, Inc. It is used to detect threats and prevent data loss, with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats.A security vulnerability exists in version...

GHSA-4R2W-W73W-36JM eyeD3 is vulnerable to arbitrary file modification via symlink attack

tag.py in eyeD3 aka python-eyed3 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file...

Mercurial missing symlink check

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...

VulnCheck KEV: CVE-2022-30525

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device...

CVE-2022-30525

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...

The vulnerability of the iControl REST API for BIG-IP application protection interfaces allows a attacker to execute arbitrary commands, modify or delete files.

The vulnerability of the iControl REST API for BIG-IP application protection interfaces is related to the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary commands, modify or delete files remotely...