CVE-2020-13833
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 June 2020...
Cisco IOx Application Framework Backlink Vulnerability
Cisco IOx is a secure development environment from Cisco (U.S.) that combines Cisco IOS and Linux OS for secure network connectivity and the development of IoT applications. A backlink vulnerability exists in Cisco IOx Application Framework versions prior to 1.9.0, which arises from a...
Design/Logic Flaw
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...
CVE-2020-3237 Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...
CVE-2019-15709
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...
Design/Logic Flaw
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
CVE-2020-12062
CVE-2020-12062 affects the OpenSSH scp client (OpenSSH 8.2). The issue arises when a utimes system call fails, causing the scp client to send duplicate responses to the server. A malicious unprivileged user on the remote server can leverage this to overwrite arbitrary files in the client’s downlo...
Dell Dock Firmware Update Utilities Code Issue Vulnerability
Dell Dock Firmware Update Utilities is a firmware update utility for Dell Docking Station from Dell USA. A code issue vulnerability exists in the Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations. A local attacker could exploit this vulnerability by...
CVE-2020-5357
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time...
CVE-2020-5357
CVE-2020-5357: Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The flaw is exploitable during the administrator execution window via a symlink attack by a locally authenticated, low-privileged user, en...
Cisco Firepower Management Center File Overwrite (cisco-sa-fmcai-z5dQObVN)
A file overwrite vulnerability exists in the web UI of Cisco Firepower Management Center due to insufficient input validation. An authenticated, remote attacker can exploit this by sending crafted input to the web UI in order to overwrite files on the file system of the affected device. Please see t...
Kata Containers Access Control Error Vulnerability
Kata Containers is an open source lightweight virtual machine builder from the Kata Containers community. An Access Control Error vulnerability exists in Kata Containers versions prior to 1.11.0 on Cloud Hypervisor, which can be exploited by an attacker to overwrite an image file and take control...
Ansible Tower 3.6.x =< 3.6.3 Archive Traversal Arbitrary File Overwrite Vulnerability
The version of Ansible Tower running on the remote web server is 3.6.x equal to or prior to 3.6.3. It is, therefore, affected by an archive traversal arbitrary file overwrite vulnerability when extracting tar.gz archives.
Micro Star Dragon Center Security Vulnerability
Micro Star Dragon Center is an application from Micro Star Technology (Micro Star) of Taiwan, China, for managing and controlling MSI components, desktop systems, and peripherals. A security vulnerability exists in the "%PROGRAMDATA%\MSI\Dragon Center" folder of Micro Star Dragon Center version...
Directory traversal
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allow local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary...
SRC-2020-0027 : Microsoft Exchange Server NewExchangeCertificate WriteRequest File Overwrite Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to cause a denial of service against affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the processing o...
RHEL 7 : buildah (RHSA-2020:2116)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...