
6892 matches found

BDU FSTEC
added 2020/09/11 12:0 a.m. · 6 views

The vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) stems from incorrect pathname restrictions for access-limited directories, allowing an attacker to overwrite arbitrary files in the operating system of the vulnerable device.

The vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to incorrect restriction of a pathname to a restricted directory. Exploiting this vulnerability could allow a remote attacker to overwrite arbitrary files in the operating system of the vulnerable device...

CVSS 4.3 · AI score 6.6 · EPSS 0.01612
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2020/09/10 12:0 a.m. · 3 views

Microsoft OneDrive for Windows Elevation of Privilege Vulnerability (CNVD-2020-54060)

OneDrive is a file hosting service and synchronization service introduced by Microsoft as part of the Web version of Office. An elevation of privilege vulnerability exists in OneDrive for Windows. The vulnerability stems from the OneDrive for Windows desktop application not properly handling...

CVSS 7.1 · AI score 7 · EPSS 0.00998
Exploits 0 · References 1
CNVD
added 2020/09/10 12:0 a.m. · 3 views

Microsoft OneDrive for Windows Elevation of Privilege Vulnerability (CNVD-2020-54062)

OneDrive is a file hosting service and synchronization service introduced by Microsoft as part of the Web version of Office. An elevation of privilege vulnerability exists in OneDrive for Windows. The vulnerability stems from the OneDrive for Windows desktop application not properly handling...

CVSS 7.1 · AI score 7 · EPSS 0.00975
Exploits 0 · References 1
OpenVAS
added 2020/09/09 12:0 a.m. · 22 views

Microsoft OneDrive Multiple Vulnerabilities (Sep 2020)

This host is missing an important security update according to Microsoft Security Updates for the month of September. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 7.1 · AI score 6.9 · EPSS 0.00998
Exploits 0 · References 4
Microsoft CVE
added 2020/09/08 7:0 a.m. · 39 views

OneDrive for Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...

CVSS 7.1 · AI score 2.4 · EPSS 0.00998
Exploits 0
Positive Technologies
added 2020/09/08 12:0 a.m. · 4 views

PT-2020-4019 · Microsoft · Onedrive For Windows Desktop

Name of the Vulnerable Software and Affected Versions: OneDrive for Windows Desktop (affected versions not specified). Description: The issue arises from the improper handling of symbolic links by the OneDrive for Windows Desktop application, leading to a potential elevation of privilege. An attacke...

CVSS 7.1 · AI score 7.2 · EPSS 0.00975
Exploits 0 · References 3
Positive Technologies
added 2020/09/08 12:0 a.m. · 3 views

PT-2020-4024 · Microsoft · Onedrive For Windows

Name of the Vulnerable Software and Affected Versions: OneDrive for Windows (affected versions not specified). Description: The issue is related to the improper handling of symbolic links by the OneDrive for Windows Desktop application. This could allow an attacker to overwrite a targeted file with ...

CVSS 7.1 · AI score 6.9 · EPSS 0.00942
Exploits 0 · References 3
RedhatCVE
added 2020/09/07 2:21 p.m. · 64 views

CVE-2019-20916

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 8 · AI score 5.4 · EPSS 0.03028
Exploits 1 · References 3
OSV
added 2020/09/04 8:15 p.m. · 41 views

PYSEC-2020-192

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

AI score 3.7
Exploits 0 · References 6
Cvelist
added 2020/09/04 7:20 p.m. · 29 views

CVE-2019-20916

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

AI score 7.8 · EPSS 0.03028
Exploits 1 · References 8
OSV
added 2020/09/04 3:15 a.m. · 4 views

CVE-2020-3478

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

CVSS 8.1 · AI score 7.3 · EPSS 0.01213
Exploits 0 · References 1
Cvelist
added 2020/09/04 2:25 a.m. · 16 views

CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

CVSS 8.1 · AI score 8.1 · EPSS 0.01213
Exploits 0 · References 1
Vulnrichment
added 2020/09/04 2:25 a.m. · 14 views

CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

CVSS 8.1 · AI score 6.9 · EPSS 0.01213
Exploits 0 · References 1
CVE
added 2020/09/04 2:25 a.m. · 46 views

CVE-2020-3478

CVE-2020-3478 affects Cisco Enterprise NFV Infrastructure Software (NFVIS). The REST API vulnerability arises from insufficient authorization enforcement, allowing an authenticated remote attacker to upload a file via the REST API and overwrite restricted files, potentially degrading system funct...

CVSS 8.1 · AI score 8.1 · EPSS 0.01213
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2020/09/04 12:0 a.m. · 1 views

Reload vulnerability in ZZCMS in***.php page

ZZCMS is a free website builder developed in asp language. A reinstallation vulnerability exists in the ZZCMS in.php page. An attacker can exploit the vulnerability to overwrite previous files resulting in a system reinstallation...

AI score 6.9
Exploits 0
Veracode
added 2020/09/03 4:31 a.m. · 9 views

Arbitrary File Overwrite

decompress-zip is vulnerable to arbitrary file overwrite. The vulnerability exists because it does not verify that extracted files stay within the extraction root directory...

AI score 3.5
Exploits 0
CNVD
added 2020/09/03 12:0 a.m. · 1 views

Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A file overwrite vulnerability exists in Cisco Enterprise NFV Infrastructure...

CVSS 8.1 · AI score 6.8 · EPSS 0.01213
Exploits 0 · References 1
CISA
added 2020/09/03 12:0 a.m. · 10 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...

AI score 7.8
Exploits 0 · References 6
Cisco
added 2020/09/02 4:0 p.m. · 27 views

Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

CVSS 8.1 · AI score 8.1 · EPSS 0.01213
Exploits 0 · References 1
Tenable Nessus
added 2020/08/28 12:0 a.m. · 53 views

Oracle Linux 8 : nodejs:10 (ELSA-2020-0579)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0579 advisory. - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 Tenable has extracted the precedi...

CVSS 9.8 · AI score 7.6 · EPSS 0.58373
Exploits 2 · References 7