337 matches found
SUSE SLED15 / SLES15 Security Update : gzip (SUSE-SU-2022:1617-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1617-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's...
RHEL 8 : gzip (RHSA-2022:1665)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1665 advisory. The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing t...
Important: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
gzip security update
An update is available for gzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gzip packages contain the gzip GNU zip data compression utility. gzip is use...
ALSA-2022:1537 Important: gzip security update
The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
FANTEC MWiD25-DS Security Vulnerability
The FANTEC MWiD25-DS is a wireless extender from FANTEC Germany. A security vulnerability exists in the FANTEC MWiD25-DS that allows an attacker to write to a file and reset a user's password without a valid session cookie...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current gzip Vulnerability (SSA:2022-104-02)
The version of gzip installed on the remote host is prior to 1.12. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-104-02 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name f...
SUSE SLED15 / SLES15 Security Update : xz (SUSE-SU-2022:1158-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1158-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's...
Debian: Security Advisory (DLA-2977-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-2976-1)
The remote host is missing an update for the Debian...
CVE-2022-26627
The CVE-2022-26627 entry concerns Online Project Time Management System v1.0, where an arbitrary file write vulnerability exists that enables an attacker to execute arbitrary code through a crafted HTML file. The connected Red Hat entry reiterates the same description, confirming that the flaw is...
CVE-2021-21968
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
Arbitrary file deletion
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2021-21968
CVE-2021-21968 affects Sealevel Systems SeaConnect 370W v1.3.34. The OTA update task allows a specially crafted MQTT payload to overwrite arbitrary files due to improper input validation in the OTA download logic (notably the dest field can create/open any file). This can enable a MITM attacker t...
Sealevel Systems SeaConnect 370W Security Vulnerability
Sealevel Systems SeaConnect 370W is an Industrial Internet of Things (IIoT) edge device from Sealevel Systems, Inc. The Sealevel Systems SeaConnect 370W is vulnerable to a file-write vulnerability, which stems from the fact that the product's OTA update task feature does not effectively restrict...
CVE-2021-37128
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file...
The vulnerability of the “BKBCopyD.exe” service in Yokogawa’s software products allows a hacker to read arbitrary files using the RETR operation, write to arbitrary files using the STOR operation, or obtain confidential database location information using the PMODE operation.
The vulnerability of the “BKBCopyD.exe” service in Yokogawa’s software products is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the RETR operation, write to arbitrary files using the STOR operation, or obtain...
YouPHPTube Code Injection Vulnerability
YouPHPTube is a PHP-based video website system. YouPHPTube has a security vulnerability that originates from an administrator privileged user being able to write files on the file system using flags and code variables in file save.php...
PYSEC-2021-374
Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...
rConfig <= 3.9.6 Multiple Vulnerabilities
rConfig is prone to multiple vulnerabilities.