Lucene search

2676 matches found

RedHat Linux
added 2021/03/03 12:28 p.m., 3 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS 6.3, AI score 7.2, EPSS 0.01793
Exploits: 0, References: 4
CNNVD
added 2021/02/24 12:0 a.m., 5 views

Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches Security Vulnerability

Cisco NX-OS Software and so on are products of Cisco Corporation. Cisco NX-OS Software is a set of data center-grade operating system software used by switches. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco Nexus 9000 Series Switches is a 9000 series switch. A security vulnerabilit...

CVSS 9.8, AI score 7.6, EPSS 0.01574
Exploits: 0, References: 5
OSV
added 2021/02/10 11:15 a.m., 1 views

CVE-2021-23876

Bypass Remote Procedure call in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware...

CVSS 7.8, AI score 7.2, EPSS 0.0043
Exploits: 0, References: 1
Cvelist
added 2021/02/10 10:25 a.m., 15 views

CVE-2021-23876 McAfee Total Protection (MTP) Bypass Remote Procedure call vulnerability

Bypass Remote Procedure call in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware...

CVSS 7.8, AI score 8, EPSS 0.0043
Exploits: 0, References: 1
Positive Technologies
added 2021/02/10 12:0 a.m., 7 views

PT-2021-15578 · Mcafee · Mcafee Total Protection

Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.30
Description: The issue allows a local user to bypass Remote Procedure Call in McAfee Total Protection, gaining elevated privileges and performing arbitrary file modification as the SYSTEM user...

CVSS 7.8, AI score 7.5, EPSS 0.0043
Exploits: 0, References: 3
CNVD
added 2021/02/06 12:0 a.m., 1 views

JTopCMS Backend Logic Flaw Vulnerability of Hefei Mingjing Information Technology Co.

JTopCMS is an open source web management system, based on the JavaEE standard, used to manage site content. A back-end logic flaw vulnerability exists in JTopCMS from Hefei Mingjing Information Technology Co., Ltd.; attackers can use the vulnerability to modify the file suffix...

AI score 6.9
Exploits: 0
NVD
added 2021/02/05 8:15 p.m., 10 views

CVE-2020-10553

An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen aka screensaver of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify...

CVSS 5.5, EPSS 0.00246
Exploits: 0, References: 1
Prion
added 2021/02/05 8:15 p.m., 11 views

Design/Logic Flaw

An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen aka screensaver of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify...

CVSS 2.1, AI score 5.3, EPSS 0.00246
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2021/01/26 6:15 p.m., 8 views

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

CVSS 4.9, AI score 6.2
Exploits: 0, References: 2
UbuntuCve
added 2021/01/26 6:15 p.m., 32 views

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

CVSS 4.9, AI score 6.6, EPSS 0.01347
Exploits: 0, References: 2
CNVD
added 2021/01/06 12:0 a.m., 7 views

1E Client Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-02032)

1E Client is an agent-less endpoint management software from 1E 1E Client USA. A security vulnerability exists in 1E Client versions 5.0.0.745, 4.1.0.267, which originates in the %PROGRAMDATA%1EClient directory that allows remote authenticated and local users to create and modify files in...

CVSS 6.5, AI score 6.4, EPSS 0.01413
Exploits: 0, References: 1
OSV
added 2021/01/01 4:15 a.m., 36 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 8.8, AI score 7.9, EPSS 0.24937
Exploits: 5, References: 4
CVE
added 2020/12/29 8:8 p.m., 61 views

CVE-2020-27643

Affected product: 1E Client (versions 4.1.0.267 and 5.0.0.745). Root cause: MSI installer and related components allow creation of a junction point to a system directory via unreferenced paths, enabling remote authenticated or local users to create/modify files in protected directories. Result: p...

CVSS 6.5, AI score 6.1, EPSS 0.01413
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2020/12/22 12:0 a.m., 3 views

PT-2020-6829 · Unknown · C-Bus Toolkit

Name of the Vulnerable Software and Affected Versions: C-Bus Toolkit versions 1.15.9 and prior
Description: A vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. This issue is related to incorrect permission assignment for critical resources, whi...

CVSS 7.8, AI score 8.2, EPSS 0.00765
Exploits: 0, References: 6
OSV
added 2020/12/14 8:15 p.m., 4 views

CVE-2020-8258

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

CVSS 7.5, AI score 7.2, EPSS 0.01265
Exploits: 0, References: 1
Prion
added 2020/12/14 8:15 p.m., 27 views

Input validation

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

CVSS 5, AI score 8, EPSS 0.01265
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2020/11/27 12:0 a.m., 61 views

phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x prior to 4.4.6.1. It is, therefore, affected by multiple vulnerabilities. - Multiple cross-site request forger...

CVSS 6.8, AI score 8.1, EPSS 0.01584
Exploits: 1, References: 4
CNNVD
added 2020/11/17 12:0 a.m., 3 views

Kata Containers Security Vulnerability

Kata Containers is an open source lightweight virtual machine builder from the Kata Containers community. A security vulnerability exists in Kata Containers versions prior to 1.11.5 that stems from an improper file permission vulnerability affecting Kata containers. When using a Kubernetes hostPa...

CVSS 7.1, AI score 7, EPSS 0.00368
Exploits: 0, References: 6
CNVD
added 2020/11/12 12:0 a.m., 4 views

SAP ERP Client E-Bilanz Access Control Error Vulnerability

SAP ERP is a series of software for ERP management from SAP in Germany. An Access Control Error vulnerability exists in SAP ERP Client E-Bilanz version 1.0, which stems from an installation setting incorrectly setting the default file system permissions in its installation folder, allowing anyone...

CVSS 4.4, AI score 6.8, EPSS 0.00254
Exploits: 0, References: 1
Microsoft Security Update
added 2020/11/10 6:0 p.m., 10 views

Security Update for Microsoft Office 2013 (KB4486725) 32-Bit Edition

A security vulnerability exists in Microsoft Office 2013 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

AI score 7.2
Exploits: 0