7249 matches found
MGASA-2019-0249 Updated sigil packages fix security vulnerability
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem CVE-2019-14452...
MGASA-2019-0250 Updated mercurial packages fix security vulnerability
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem CVE-2019-3902...
USN-4123-1 npm/fstream vulnerability
It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem...
OPENSUSE-SU-2019:2050-1 Security update for httpie
This update for httpie fixes the following issues: httpie was updated to version 1.0.3: Fix CVE-2019-10751 HTTPie is volnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a...
UBUNTU-CVE-2019-11246
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1 jenkins security update
An update for jenkins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
DEBIAN-CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
UBUNTU-CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
PYSEC-2019-23
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
PYSEC-2019-23
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control...
Jspxcms has an arbitrary file write vulnerability
Jspxcms is a scalable enterprise-class open source web content management system CMS. Jspxcms has an arbitrary file write vulnerability that can be exploited by attackers to gain server privileges...
PYSEC-2019-106
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...
PYSEC-2019-36
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...
PYSEC-2019-106
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...
CVE-2019-1984 Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system OS of an affected device. The vulnerability is due to improper input...
CVE-2019-1984 Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system OS of an affected device. The vulnerability is due to improper input...
CVE-2019-12622
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...