
6886 matches found

Cvelist
added 2018/11/09 12:0 a.m. | 18 views

CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429...

CVSS 6.2 | AI score 6.1 | EPSS 0.00428
Exploits: 0 | References: 4

CNVD
added 2018/11/09 12:0 a.m. | 1 view

IBM DB2 Privilege Escalation Vulnerability (CNVD-2018-22924)

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A privilege escalation vulnerability exists in all revision packages of several versions of IBM DB2 including DB2...

CVSS 6.2 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 1

CNVD
added 2018/11/09 12:0 a.m. | 1 view

Cisco Prime Collaboration Assurance Arbitrary File Overwrite Vulnerability

Cisco Prime Collaboration Assurance (PCA) is a set of enterprise collaboration network management solutions from Cisco in the United States. The program supports a unified management console to simplify the management of unified communications and video collaboration networks, as well as rapid...

CVSS 6.5 | AI score 6.6 | EPSS 0.02538
Exploits: 0 | References: 1

CVE
added 2018/11/09 12:0 a.m. | 48 views

CVE-2018-1799

Summary: IBM DB2 for Linux/UNIX/Windows (DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1 are affected by CVE-2018-1799 due to a symbolic-link/privilege escalation path. A local unprivileged user could overwrite files, potentially damaging the database; some entries describe escalation to ...

CVSS 6.2 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2018/11/08 8:29 p.m. | 1 view

CVE-2018-15450

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...

CVSS 6.5 | AI score 5.8 | EPSS 0.02538
Exploits: 0 | References: 2

OSV
added 2018/11/08 8:29 p.m. | 24 views

CVE-2018-19044

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...

CVSS 4.7 | AI score 6.5
Exploits: 0 | References: 5

Cvelist
added 2018/11/08 8:0 p.m. | 19 views

CVE-2018-15450 Cisco Prime Collaboration Assurance File Overwrite Vulnerability

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...

CVSS 6.5 | AI score 6.4 | EPSS 0.02538
Exploits: 0 | References: 2

Vulnrichment
added 2018/11/08 8:0 p.m. | 10 views

CVE-2018-15450 Cisco Prime Collaboration Assurance File Overwrite Vulnerability

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...

CVSS 6.5 | AI score 6.8 | EPSS 0.02538
Exploits: 0 | References: 2

CVE
added 2018/11/08 8:0 p.m. | 145 views

CVE-2018-19044

CVE-2018-19044 applies to keepalived 2.0.8, where improper pathname validation allows local users to overwrite arbitrary files via symlinks when writing to a temporary file (examples: /tmp/keepalived.data or /tmp/keepalived.stats symlinked to /etc/passwd) if fs.protected_symlinks is 0. Connected ...

CVSS 4.7 | AI score 4.8 | EPSS 0.00501
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2018/11/08 8:0 p.m. | 51 views

CVE-2018-15450

Cisco Prime Collaboration Assurance (PCA) web-based UI is affected by a vulnerability that allows an authenticated, remote attacker to overwrite files on the filesystem due to insufficient input validation. The issue arises when a crafted value is supplied in a UI input field to specify a path lo...

CVSS 6.5 | AI score 6.3 | EPSS 0.02538
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/10/31 10:0 p.m. | 28 views

CVE-2018-15705

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code...

AI score 6.5 | EPSS 0.12236
Exploits: 5 | References: 2

BDU FSTEC
added 2018/10/31 12:0 a.m. | 4 views

The vulnerability of the X.Org Server software arises from errors in processing and checking command-line parameters, allowing an attacker to gain root privileges and overwrite any file in the operating system.

Vulnerability of the X.Org Server software, caused by errors in processing and checking command-line parameters. Exploiting this vulnerability can allow a remote attacker to gain root privileges and rewrite any file in the operating system using the modulepath and logfile parameters when running...

CVSS 7.2 | AI score 7.3 | EPSS 0.2704
Exploits: 39 | References: 7 | Affected Software: 1

ThreatPost
added 2018/10/29 4:13 p.m. | 527 views

X.Org Flaw Allows Privilege Escalation in Linux Systems

A local privilege-escalation and file-overwrite vulnerability in X.Org X server opens the door to trivial compromise in Linux systems that use the open-source software. The X server is a core graphics and windowing technology that can be found in most Linux and BSD distributions that use a...

CVSS 7.2 | AI score 2.2 | EPSS 0.2704
Exploits: 39 | References: 14

Tenable Nessus
added 2018/10/29 12:0 a.m. | 58 views

Debian DSA-4328-1 : xorg-server - security update

Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitrary file overwrite, which can result in privilege escalation. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS 7.2 | AI score 7.2 | EPSS 0.2704
Exploits: 39 | References: 4

OSV
added 2018/10/25 2:42 p.m. | 7 views

SUSE-SU-2018:3456-1 Security update for xorg-x11-server

This update for xorg-x11-server provides the following fix. Security issue fixed: CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc1111697). Non-security issues fixed: Do not write past the allocated buffer. bsc107838...

CVSS 7.2 | AI score 6.8 | EPSS 0.2704
Exploits: 39 | References: 4

OSV
added 2018/10/18 12:47 p.m. | 11 views

SUSE-SU-2018:1972-2 Security update for perl

This update for perl fixes the following issues: These security issues were fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216. - CVE-2018-6798: Fixed heap buffer overflow in regexec.c bsc1082233. - CVE-2018-6797: Fixed sharp-s regexp overflow bsc1082234. - CVE-2018-1201...

CVSS 9.8 | AI score 8.2 | EPSS 0.10866
Exploits: 1 | References: 10

OSV
added 2018/10/17 7:54 p.m. | 8 views

GHSA-RHQ2-2574-78MC Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.02674
Exploits: 0 | References: 4

Check Point Advisories
added 2018/10/02 12:0 a.m. | 3 views

Perl Archive Tar Arbitrary File Overwrite (CVE-2018-12015)

An arbitrary file overwrite vulnerability exists in the Perl Tar Archive module. The vulnerability is due to improper handling of a tar archive. Successful exploitation could result in arbitrary file overwrite in the target user's system...

CVSS 6.4 | AI score 2.1 | EPSS 0.08207
Exploits: 1

NVD
added 2018/10/01 8:29 a.m. | 13 views

CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

CVSS 5.8 | AI score 5.3 | EPSS 0.01538
Exploits: 1 | References: 1

UbuntuCve
added 2018/10/01 8:29 a.m. | 19 views

CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

CVSS 5.8 | AI score 6.4 | EPSS 0.01538
Exploits: 1 | References: 1