Unspecified vulnerability in mktexlsr (CNVD-2017-30561)
mktexlsr is a library for generating catalogs. A security vulnerability exists in mktexlsr revision 36855 and versions prior to revision 36626. A local attacker can overwrite arbitrary files with the help of symbolic links...
rubygems -- multiple vulnerabilities
Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...
CVE-2017-13709
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...
Code injection
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...
UBUNTU-CVE-2017-13709
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...
DEBIAN-CVE-2017-13709
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...
MGASA-2017-0301 Updated perltidy packages fix security vulnerability
perltidy relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink (CVE-2016-10374)...
Cyrus IMAP Arbitrary File Write Vulnerability
Cyrus IMAP is a free, open-source IMAP (Interactive Mail Access Protocol) mail server for Unix and Linux-based operating systems. A security vulnerability exists in Cyrus IMAP versions prior to 3.0.3. The vulnerability can be exploited by a remote attacker to overwrite arbitrary...
CVE-2016-4456
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...
NTP.org 'ntpd' ':config' Command Arbitrary File Overwrite Vulnerability
NTP.org. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:ntp:ntp"; if(description) script_oid("1.3.6.1.4.1.25623.1.0.811253");...
UBUNTU-CVE-2017-1000026
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries...
SUSE-SU-2017:1865-1 Security update for cryptctl
This update for cryptctl fixes an issue that could have allowed a malicious administrator to craft RPC requests to overwrite files outside of the key database (bsc#1041963 / CVE-2017-9270)...
CVE-2017-1000026
CVE-2017-1000026 affects Chef Software’s Ruby library mixlib-archive (versions ≤ 0.3.0). A directory traversal flaw allows an attacker to overwrite arbitrary files by placing .. in tar archive entries. The vulnerability impact is demonstrated in multiple advisories; Debian fixed it in ruby-mixlib...
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...
Buffer Overflow Vulnerability in Multiple IBM DB2 Products
IBM DB2 Express Edition and related products are made by IBM Corporation of the United States. IBM DB2 Express Edition is a database server; DB2 Connect Application Server Edition is a mainframe database system. A buffer overflow vulnerability exists in multiple IBM DB2 products....
CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded ...
Ubuntu: Security Advisory (USN-3304-1)
The remote host is missing an update for the...