6886 matches found

CNVD
added 2019/05/09 12:0 a.m. · 4 views

Apache Karaf Arbitrary File Download Vulnerability

Apache Karaf is a lightweight OSGi Java dynamic modular system container from the Apache Foundation (United States) for deploying applications and components. A security vulnerability exists in Apache Karaf versions prior to 4.2.5. An attacker could exploit the vulnerability to overwri...

5.5 CVSS · 7.2 AI score · 0.01836 EPSS
Exploits 0 · References 1

OPENSUSE Linux
added 2019/05/08 12:0 a.m. · 107 views

Security update for hostinfo, supportutils (important)

openSUSE Security Update: Security update for hostinfo, supportutils
Announcement ID: openSUSE-SU-2019:1351-1
Rating: important
References: 1054979 1099498 1115245 1117751 1117776 1118460 1118462 1118463 1125623 1125666
Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639...

7.8 CVSS · 6.8 AI score · 0.00503 EPSS
Exploits 0 · References 10

Ubuntu
added 2019/05/06 5:19 p.m. · 116 views

USN-3968-1: Sudo vulnerabilities

Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. CVE-2016-7076 It was discovered that Sudo did not properly parse the...

8.2 CVSS · 7 AI score · 0.00573 EPSS
Exploits 0

ArchLinux
added 2019/05/06 12:0 a.m. · 19 views

[ASA-201905-1] munin: arbitrary file overwrite

Arch Linux Security Advisory ASA-201905-1
Severity: High
Date: 2019-05-06
CVE-ID: CVE-2017-6188
Package: munin
Type: arbitrary file overwrite
Remote: Yes
Link: https://security.archlinux.org/AVG-953
Summary: The package munin before version...

5.5 CVSS · 2.1 AI score · 0.00421 EPSS
Exploits 0 · References 5

NVD
added 2019/05/03 8:29 p.m. · 30 views

CVE-2019-6614

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

6.5 CVSS · 6.3 AI score · 0.01435 EPSS
Exploits 0 · References 2

OSV
added 2019/05/03 8:29 p.m. · 2 views

CVE-2019-6614

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

6.5 CVSS · 5.8 AI score · 0.01435 EPSS
Exploits 0 · References 2

Prion
added 2019/05/03 8:29 p.m. · 21 views

Design/Logic Flaw

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

5.5 CVSS · 6.4 AI score · 0.01435 EPSS
Exploits 0 · References 2 · Affected Software 13

CVE
added 2019/05/03 7:9 p.m. · 60 views

CVE-2019-6614

CVE-2019-6614 affects F5 BIG-IP appliances in Appliance Mode. The vulnerability arises because internal protections against arbitrary file overwrites are not fully effective, allowing an authenticated attacker with high privileges to bypass appliance-mode protections and overwrite arbitrary system fi...

6.5 CVSS · 6.3 AI score · 0.01435 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/05/03 7:9 p.m. · 30 views

CVE-2019-6614

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

6.3 AI score · 0.01435 EPSS
Exploits 0 · References 2

Positive Technologies
added 2019/05/03 12:0 a.m. · 4 views

PT-2019-18196 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 12.1.0 through 12.1.4 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.1.0.1 Description: The internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully...

6.5 CVSS · 6.3 AI score · 0.01435 EPSS
Exploits 0 · References 4

Veracode
added 2019/05/02 4:58 a.m. · 19 views

Directory Traversal

camel-core is vulnerable to directory traversal. The file producer does not validate file names before creating, allowing an attacker to write or overwrite files outside of the starting directory...

7.5 CVSS · 7.5 AI score · 0.08482 EPSS
Exploits 1 · References 11 · Affected Software 1

Veracode
added 2019/05/02 4:58 a.m. · 28 views

Arbitrary File Overwrite

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS · 7.6 AI score · 0.10117 EPSS
Exploits 1 · References 26 · Affected Software 3

Veracode
added 2019/05/02 4:52 a.m. · 36 views

Arbitrary File Overwrite

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...

7.5 CVSS · 6.7 AI score · 0.04458 EPSS
Exploits 2 · References 44 · Affected Software 20

Veracode
added 2019/05/02 2:32 a.m. · 20 views

Arbitrary File Overwrite

tar-fs is vulnerable to arbitrary file overwrite attacks. The attack is possible because it does not restrict the target of tarball containing hardlink from overwriting an existing file with an identical name as the hardlink, allowing arbitrary file overwrite attacks if an attacker gets control...

7.5 CVSS · 7.4 AI score · 0.02106 EPSS
Exploits 1 · References 4 · Affected Software 1

Github Security Blog
added 2019/05/01 6:37 p.m. · 41 views

Arbitrary File Overwrite in tar

Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file...

7.5 CVSS · 3.1 AI score · 0.03145 EPSS
Exploits 1 · References 8 · Affected Software 1

OSV
added 2019/05/01 6:37 p.m. · 1 views

GHSA-J44M-QM6P-HP7M Arbitrary File Overwrite in tar

Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file...

7.5 CVSS · 7.1 AI score · 0.03145 EPSS
Exploits 1 · References 8

Github Security Blog
added 2019/05/01 6:37 p.m. · 46 views

Improper Input Validation in tar-fs

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

7.5 CVSS · 1.5 AI score · 0.02106 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2019/05/01 6:37 p.m. · 18 views

GHSA-X2MC-8FGJ-3WMR Improper Input Validation in tar-fs

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

7.5 CVSS · 7.3 AI score · 0.02106 EPSS
Exploits 1 · References 4

Prion
added 2019/04/30 10:29 p.m. · 19 views

Design/Logic Flaw

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file...

5.5 CVSS · 6.5 AI score · 0.04872 EPSS
Exploits 1 · References 9 · Affected Software 1

NVD
added 2019/04/30 7:29 p.m. · 26 views

CVE-2018-20834

A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...

7.5 CVSS · 7.8 AI score · 0.03145 EPSS
Exploits 1 · References 7