6886 matches found

NVD
added 2019/11/12 9:15 p.m. | 19 views

CVE-2010-3095

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313...

4.7 CVSS | 4.8 AI score | 0.0034 EPSS
Exploits 0 | References 4

Cvelist
added 2019/11/12 8:24 p.m. | 23 views

CVE-2010-3095

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313...

5.1 AI score | 0.0034 EPSS
Exploits 0 | References 4

OSV
added 2019/11/12 7:15 p.m. | 1 views

CVE-2019-1422

An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423...

7.8 CVSS | 7.1 AI score | 0.02076 EPSS
Exploits 0 | References 2

CVE
added 2019/11/12 6:53 p.m. | 104 views

CVE-2019-1422

Technical details for CVE-2019-1422 are not provided in the connected documents. The sources mention Windows elevation-of-privilege context but do not specify affected components, versions, root cause, or fixes. Monitor for updates.

7.8 CVSS | 8.5 AI score | 0.02076 EPSS
Exploits 0 | References 2 | Affected Software 8

Prion
added 2019/11/09 3:15 a.m. | 18 views

Code injection

alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts...

3.6 CVSS | 6.8 AI score | 0.00468 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2019/11/07 8:15 p.m. | 7 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5 CVSS | 6.5 AI score | 0.01749 EPSS
Exploits 0 | References 3

UbuntuCve
added 2019/11/07 8:15 p.m. | 24 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5 CVSS | 6.7 AI score | 0.01749 EPSS
Exploits 0 | References 1

CVE
added 2019/11/07 7:46 p.m. | 42 views

CVE-2010-2449

CVE-2010-2449 affects Gource up to version 0.26. The vulnerability arises from logging to a predictable file name (/tmp/gource-$UID.tmp), enabling a symlink attack to overwrite an arbitrary file. Impact: potential file tampering with integrity risk; confidentiality/availability not indicated. No ...

6.5 CVSS | 6.4 AI score | 0.01749 EPSS
Exploits 0 | References 3 | Affected Software 1

RedHat Linux
added 2019/11/06 3:27 p.m. | 2 views

Ansible: path traversal in the fetch module

A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...

4.2 CVSS | 7.1 AI score | 0.00522 EPSS
Exploits 0 | References 5

Veracode
added 2019/11/06 12:21 a.m. | 52 views

Arbitrary File Overwrite

openssh is vulnerable to Arbitrary File Overwrite. Improper validation of object names allows a malicious server to overwrite files on the client-side via scp client...

5.9 CVSS | 6 AI score | 0.58204 EPSS
Exploits 9 | References 40 | Affected Software 1

RedHat Linux
added 2019/11/05 10:29 p.m. | 8 views

openssh: Improper validation of object names allows malicious server to overwrite files via scp client

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

5.9 CVSS | 7.4 AI score | 0.58204 EPSS
Exploits 9 | References 5

Veracode
added 2019/10/29 9:34 a.m. | 35 views

Arbitrary File Overwrite

github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...

5.5 CVSS | 3.9 AI score | 0.0149 EPSS
Exploits 1 | References 6 | Affected Software 1

CNVD
added 2019/10/29 12:0 a.m. | 9 views

rpcbind Input Validation Error Vulnerability

rpcbind is a server that translates RPC program numbers into generic addresses for use on Linux systems. An input validation error vulnerability in rpcbind version 0.2.0, which originates when the program fails to properly validate the /tmp/portmap.xdr and /tmp/rpcbind.xdr files created by an...

7.8 CVSS | 7 AI score | 0.0042 EPSS
Exploits 0 | References 1

Positive Technologies
added 2019/10/28 12:0 a.m. | 2 views

PT-2019-5382 · Red Hat +4 · Podman +5

Name of the Vulnerable Software and Affected Versions: Podman versions prior to 1.6.0. Description: The issue is related to the handling of symbolic links in the libpod library of Podman. It allows an attacker to create a container image with specific symlinks that, when copied to the host...

7.8 CVSS | 7.7 AI score | 0.83433 EPSS
Exploits 3 | References 52

OSV
added 2019/10/23 9:15 p.m. | 4 views

CVE-2019-18370

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...

9.8 CVSS | 7.3 AI score | 0.40295 EPSS
Exploits 2 | References 1

Amazon
added 2019/10/21 12:0 a.m. | 40 views

Medium: keepalived

Issue Overview: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data...

4.7 CVSS | 5.4 AI score | 0.00501 EPSS
Exploits 1

NVD
added 2019/10/16 7:15 p.m. | 27 views

CVE-2019-15273

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

6.6 CVSS | 5.3 AI score | 0.00271 EPSS
Exploits 0 | References 1

CVE
added 2019/10/16 6:36 p.m. | 69 views

CVE-2019-15273

CVE-2019-15273 concerns Cisco TelePresence Collaboration Endpoint (CE) Software. The issue is in the CLI and stems from insufficient permission enforcement, allowing an authenticated local attacker (via a remote support user submitting malicious input) to overwrite arbitrary files on the underlyi...

6.6 CVSS | 5.1 AI score | 0.00271 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2019/10/16 6:36 p.m. | 5 views

CVE-2019-15273 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

6 CVSS | 7 AI score | 0.00271 EPSS
Exploits 0 | References 1

Cisco
added 2019/10/16 4:0 p.m. | 52 views

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

6 CVSS | 1.7 AI score | 0.00271 EPSS
Exploits 0 | References 1