Yokogawa CENTUM (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 8.1. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Yokogawa. Equipment: CENTUM. Vulnerabilities: Improper Authentication, Path Traversal. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-20-224-01...
Code injection
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings, but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects...
CVE-2020-15650
CVE-2020-15650 affects Firefox ESR
Libre Office Multiple Vulnerabilities (Jun 2020) - Linux
Libre Office is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:libreoffice:libreoffice";...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1796)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
CVE-2020-15593
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
openSUSE Security Update : curl (openSUSE-2020-908)
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security...
Amazon Linux 2 : curl (ALAS-2020-1451)
The version of curl installed on the remote host is prior to 7.61.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1451 advisory: command line arguments lead to local file overwrite (CVE-2020-8177). Tenable has extracted the preceding description block directly fro...
Medium: curl
Issue Overview: command line arguments lead to local file overwrite (CVE-2020-8177). Affected Packages: curl. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...
Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite (cisco-sa-fdmfo-HvPWKxDe)
According to its self-reported version, Cisco Firepower Device Manager (FDM) On-Box software is affected by an arbitrary file overwrite vulnerability due to improper input validation. An authenticated, remote attacker can exploit this by uploading a malicious file to an affected device in order to...
Red Hat curl local file overwrite (CVE-2020-8177) (deprecated)
This plugin has been deprecated by the RedHat distribution specific plugins 142705 and 142414. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/11/16. Deprecated by redhat-RHSA-2020-4599.nasl and redhat-RHSA-2020-5002.nasl. include('compat.inc'); if (description) script_id(138374);...
The vulnerability of the PuTTY encryption protection mechanism, related to key management errors, allows a hacker to overwrite files in the system.
The vulnerability of the PuTTY encryption protection tool is related to key management errors. Exploiting this vulnerability could allow a malicious actor to overwrite files within the system remotely...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:1733-1)
This update for curl fixes the following issues: CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). CVE-2020-8169: Fixed an issue which could have led to a partial password leak over DNS on HTTP...
SUSE SLES12 Security Update : curl (SUSE-SU-2020:1732-1)
This update for curl fixes the following issues: CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Note that Tenable Network Security has extracted the preceding description block directly from th...
SUSE SLES12 Security Update : curl (SUSE-SU-2020:1735-1)
This update for curl fixes the following issues: CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Note that Tenable Network Security has extracted the preceding description block directly from th...
CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
MGASA-2020-0282 Updated curl packages fix security vulnerability
Updated curl packages fix security vulnerabilities: libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers (CVE-2020-8169). curl can be tricked by a malicious server to overwri...
openSUSE: Security Advisory for curl (openSUSE-SU-2020:0908-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OPENSUSE-SU-2020:0908-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). This update was imported from the SUSE:SLE-15:Update update project...
CVE-2019-3681
An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that c...