6882 matches found

CNVD
added 2017/11/02 12:0 a.m., 2 views

Circle with Disney Backlink Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A backlink vulnerability exists in the /api/CONFIG/restore function in Circle with Disney version 2.0.1. An attacker can exploit this...

CVSS 9.9, AI score 9.1, EPSS 0.02251
Exploits 2, References 1
Tenable Nessus
added 2017/10/27 12:0 a.m., 55 views

Amazon Linux AMI : ruby24 (ALAS-2017-915)

Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte,...

CVSS 9.8, AI score 7.8, EPSS 0.29442
Exploits 8, References 10
Amazon
added 2017/10/26 12:0 a.m., 64 views

Medium: ruby24

Issue Overview: Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

CVSS 9.8, AI score 9.8, EPSS 0.29442
Exploits 8
Veracode
added 2017/10/24 3:50 a.m., 28 views

Unauthorized File Overwrite

Apache Derby is vulnerable to unauthorized file overwrites. The library accepts the file:// protocol in the url, allowing a malicious user to overwrite existing files when exporting files...

CVSS 7.5, AI score 7.2, EPSS 0.04427
Exploits 0, References 5, Affected Software 1
NVD
added 2017/10/23 1:29 p.m., 28 views

CVE-2010-2232

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

CVSS 7.5, AI score 7.9, EPSS 0.04427
Exploits 0, References 3
Prion
added 2017/10/23 1:29 p.m., 24 views

Design/Logic Flaw

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

CVSS 5, AI score 6.9, EPSS 0.04427
Exploits 0, References 3, Affected Software 1
CVE
added 2017/10/23 1:0 p.m., 87 views

CVE-2010-2232

CVE-2010-2232 (Apache Derby) is an export-processing flaw affecting Derby versions 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3. A remote attacker could exploit the export functionality to overwrite an existing file. This is documented across multiple sources (NVD entry and related advisories) and ...

CVSS 7.5, AI score 7.3, EPSS 0.04427
Exploits 0, References 3, Affected Software 1
Cvelist
added 2017/10/23 1:0 p.m., 32 views

CVE-2010-2232

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

AI score 7.5, EPSS 0.04427
Exploits 0, References 3
CNVD
added 2017/10/19 12:0 a.m., 2 views

Huawei FusionSphere OpenStack Path Checksum Vulnerability

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A path checking vulnerability exists in Huawei...

CVSS 6, AI score 6.1, EPSS 0.0028
Exploits 0, References 1
seebug.org
added 2017/10/19 12:0 a.m., 52 views

Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability (CVE-2016-4323)

Description: A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splas...

CVSS 5.8, AI score 6.5, EPSS 0.02286
Exploits 2
Symantec
added 2017/10/10 12:0 a.m., 134 views

Microsoft Windows CVE-2017-11829 Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to overwrite files with elevated privileges in the context of the affected system. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit Systems, Microsoft...

CVSS 2.1, AI score 3.1, EPSS 0.03784
Exploits 0, Affected Software 2
OSV
added 2017/10/09 9:51 a.m., 5 views

MGASA-2017-0362 Updated flightgear packages fix security vulnerability

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Mageia provides 2017.3.1 version as a security and bugfix update, allowing to connect to latest multiplayer serve...

CVSS 7.5, AI score 7.4, EPSS 0.01058
Exploits 1, References 5
Mageia
added 2017/10/09 9:51 a.m., 26 views

Updated flightgear packages fix security vulnerability

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Mageia provides 2017.3.1 version as a security and bugfix update, allowing to connect to latest multiplayer serve...

CVSS 7.5, AI score 4, EPSS 0.01058
Exploits 1, References 4
OSV
added 2017/10/05 5:29 p.m., 1 views

CVE-2017-1301

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the...

CVSS 5.5, AI score 5.9, EPSS 0.00359
Exploits 0, References 3
OSV
added 2017/10/05 4:5 p.m., 2 views

USN-3439-1 ruby1.9.1 vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. (CVE-2017-0899) Yusuke Endoh...

CVSS 9.8, AI score 7.2, EPSS 0.29442
Exploits 6, References 8
Tenable Nessus
added 2017/10/03 12:0 a.m., 58 views

Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)

SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP: An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in an SMTP session...

CVSS 9.8, AI score 7.8, EPSS 0.29442
Exploits 9, References 11
CNVD
added 2017/09/22 12:0 a.m., 3 views

Chef Software Directory Traversal Vulnerability

Chef Software is a set of server application configuration tools written in Ruby and Erlang by Chef Software. mixlib-archive is one of the gem extraction archive tools. A directory traversal vulnerability exists in Chef Software in versions 0.3.0 and earlier of mixlib-archive. A remote attacker c...

CVSS 7.5, AI score 7, EPSS 0.019
Exploits 0, References 1
OSV
added 2017/09/21 9:29 p.m., 22 views

CVE-2017-7549

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

CVSS 6.4, AI score 6.9
Exploits 0, References 7
RedHat Linux
added 2017/09/13 9:46 p.m., 52 views

Moderate: Red Hat Security Advisory: instack-undercloud security, bug fix, and enhancement update

An update for instack-undercloud is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.4, AI score 6.6, EPSS 0.00347
Exploits 0, References 3
NVD
added 2017/09/12 9:29 p.m., 14 views

CVE-2017-1452

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180...

CVSS 7.8, AI score 7.3, EPSS 0.00373
Exploits 0, References 4