6886 matches found

OSV
added 2018/07/19 7:39 a.m. | 5 views

SUSE-SU-2018:1992-1 Security update for perl

This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files bsc1096718...

CVSS 7.5 | AI score 7.7 | EPSS 0.08207
Exploits: 1 | References: 3

CVE
added 2018/07/18 11:0 p.m. | 57 views

CVE-2018-0349

Cisco SD-WAN Solution contains a vulnerability (CVE-2018-0349) where an authenticated, remote attacker could overwrite arbitrary files on the device by abusing improper input validation of the request admin-tech command in the CLI. A successful exploit could escalate privileges to root. Affected ...

CVSS 10 | AI score 9.5 | EPSS 0.03046
Exploits: 0 | References: 2 | Affected Software: 5

Cisco
added 2018/07/18 4:0 p.m. | 44 views

Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected...

CVSS 8.6 | AI score 2.6 | EPSS 0.03046
Exploits: 0 | References: 1

Veracode
added 2018/07/17 6:21 a.m. | 28 views

Arbitrary File Overwrite

libarchive.so is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as sandboxing restrictions can be evaded through hard links with data, causing file overwrites...

CVSS 7.5 | AI score 8 | EPSS 0.04707
Exploits: 1 | References: 14 | Affected Software: 1

OSV
added 2018/07/17 2:29 a.m. | 10 views

CVE-2018-14329

In HTSlib 1.8, a race condition in cram/cramio.c might allow local users to overwrite arbitrary files via a symlink attack...

CVSS 4.7 | AI score 6.7
Exploits: 0 | References: 1

NVD
added 2018/07/17 2:29 a.m. | 10 views

CVE-2018-14329

In HTSlib 1.8, a race condition in cram/cramio.c might allow local users to overwrite arbitrary files via a symlink attack...

CVSS 4.7 | AI score 4.6 | EPSS 0.00247
Exploits: 1 | References: 1

Cvelist
added 2018/07/17 2:0 a.m. | 17 views

CVE-2018-14329

In HTSlib 1.8, a race condition in cram/cramio.c might allow local users to overwrite arbitrary files via a symlink attack...

AI score 4.6 | EPSS 0.00247
Exploits: 1 | References: 1

Debian CVE
added 2018/07/17 2:0 a.m. | 13 views

CVE-2018-14329

In HTSlib 1.8, a race condition in cram/cramio.c might allow local users to overwrite arbitrary files via a symlink attack...

CVSS 4.7 | AI score 4.7 | EPSS 0.00247
Exploits: 1

CNVD
added 2018/07/17 12:0 a.m. | 2 views

HTSlib Arbitrary File Overwrite Vulnerability

HTSlib is a library written in C for accessing high-throughput sequencing data such as SAM, CRAM and VCF. A race condition vulnerability exists in the cram/cramio.c file in HTSlib version 1.8. An attacker can exploit this vulnerability by performing a symbolic link attack to overwrite...

CVSS 4.7 | AI score 5 | EPSS 0.00247
Exploits: 1 | References: 1

CNVD
added 2018/07/12 12:0 a.m. | 4 views

Google Kubernetes Arbitrary File Overwrite Vulnerability

Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. Google Kubernetes has a security vulnerability that stems...

CVSS 5.5 | AI score 5.5 | EPSS 0.0159
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/07/11 6:55 p.m. | 26 views

Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452)

Summary Db2 is affected by multiple file overwrite vulnerabilities. An unprivileged user can overwrite arbitrary files by creating a symlink that points to a file owned by the Db2 instance account. Vulnerability Details CVEID: CVE-2018-1450 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows include...

CVSS 5.5 | AI score 0.5 | EPSS 0.00383
Exploits: 0 | Affected Software: 1

CNVD
added 2018/07/05 12:0 a.m. | 1 views

Microsoft Windows ADODB.Record Object File Overwrite Vulnerability

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. An overwrite vulnerability exists in the Microsoft Windows ADODB.Record object file. An attacker can exploit the vulnerability to overwrite arbitrary files...

AI score 6.9
Exploits: 0 | References: 1

Cvelist
added 2018/07/02 2:0 p.m. | 20 views

CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of, for example, other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face...

AI score 7.9 | EPSS 0.02201
Exploits: 0 | References: 3

OSV
added 2018/06/29 7:29 p.m. | 6 views

CVE-2018-10860

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...

CVSS 7.5 | AI score 7.4 | EPSS 0.48716
Exploits: 0 | References: 6

UbuntuCve
added 2018/06/24 10:29 p.m. | 20 views

CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...

CVSS 9.1 | AI score 6.8 | EPSS 0.01947
Exploits: 0 | References: 1

NVD
added 2018/06/24 10:29 p.m. | 8 views

CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...

CVSS 9.1 | AI score 9 | EPSS 0.01947
Exploits: 0 | References: 2

CVE
added 2018/06/24 10:0 p.m. | 136 views

CVE-2018-12713

GIMP (up to version 2.10.2) is affected by CVE-2018-12713. The issue arises from g_get_tmp_dir usage to create temporary filenames, which may generate a name that already exists, enabling an attacker to overwrite files or read private content as demonstrated by test-xcf.c. The connected documents...

CVSS 9.1 | AI score 8.8 | EPSS 0.01947
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2018/06/24 10:0 p.m. | 16 views

CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...

CVSS 9.1 | AI score 7.7 | EPSS 0.01947
Exploits: 0

Broadcom
added 2018/06/21 12:0 a.m. | 7 views

BSA-2018-662

Security Advisory ID : BSA-2018-662 Component : Zip Slip Revision : 1.1: update Snyk Security team discloses a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. The flaw which has been named Zip Slip affects numerous archive-extractio...

CVSS 9.8 | AI score 7.4 | EPSS 0.15359
Exploits: 11

OSV
added 2018/06/17 9:26 p.m. | 7 views

MGASA-2018-0287 Updated freedink-dfarc package fixes security vulnerability

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version, allowing an attacker to overwrite arbitrary files on the user's system CVE-2018-0496. This release fixes it, and brings translation updates...

CVSS 7.5 | AI score 7.5 | EPSS 0.02448
Exploits: 0 | References: 3