kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

Comodo Antivirus / Internet Security Multiple Vulnerabilities

The version of the Comodo security product installed on the remote Windows host is affected by multiple vulnerabilities: - A Local Privilege Escalation due to CmdAgent's handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can th...

Code execution vulnerability in zblog php system

zblogphp is an open source program. A code execution vulnerability exists in the zblogphp system. An attacker can exploit the vulnerability to write files and gain server privileges...

Comodo Security Solutions Antivirus Arbitrary File Write Vulnerability

Comodo Security Solutions Antivirus is a suite of antivirus software from the American company Comodo Security Solutions. The software is mainly used to protect against computer viruses, malware and other Internet threats. A security vulnerability exists in Comodo Security Solutions Antivirus...

b3log Wide Arbitrary File Read/Write Vulnerability

b3log Wide is a set of Web-based Go language integrated development environment IDE . An arbitrary file read/write vulnerability exists in versions of b3log Wide prior to 1.6.0, which can be exploited by an attacker to access arbitrary files...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

Code injection

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

CVE-2019-3970

CVE-2019-3970 affects Comodo Antivirus up to 12.0.0.6810. The vulnerability arises from Cavwp.exe loading the antivirus definition database into unsecured global section objects, enabling a local, low-privileged process to modify the in-memory data and alter virus signatures. Impact described in ...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

CVE-2019-10352

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

CVE-2019-10352

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

Path traversal

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

EUVD-2022-5019

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

CVE-2019-10352

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

CVE-2019-10352

CVE-2019-10352 describes a path-traversal flaw in Jenkins core up to version 2.185 and LTS up to 2.176.1, in FileParameterValue.java, allowing attackers with Job/Configure permission to define a file parameter whose name escapes the intended directory. This can lead to arbitrary file writes on th...

File Write Vulnerability in Ziggy's Fortress

Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. A file write vulnerability exists in Qiji Fortress, which can be exploited by an attacker to gain control of a web server...

Unspecified vulnerability in deepin-clone (CNVD-2019-23972)

deepin-clone is a disk and partition backup/recovery tool. A security vulnerability exists in deepin-clone versions prior to 1.1.3. An attacker can exploit the vulnerability to create or overwrite files at arbitrary locations on the file system...

Unspecified vulnerability in deepin-clone (CNVD-2019-23981)

deepin-clone is a disk and partition backup/recovery tool. A security vulnerability exists in deepin-clone versions prior to 1.1.3. An attacker can exploit the vulnerability to create or overwrite files anywhere on the file system...

CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...