Apple Security Advisory 03-31-2025-2
Apple Security Advisory 03-31-2025-2 - Xcode 16.3 addresses issues where a malicious app could access private information or overwrite arbitrary files...
hornetq-core-client: Arbitrarily overwrite files or access sensitive information
A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...
Hewlett Packard Enterprise Aruba Networking Virtual Intranet Access security vulnerability
Hewlett Packard Enterprise Aruba Networking Virtual Intranet Access (HPE Aruba Networking VIA) is part of Hewlett Packard Enterprise's remote networking solution for remote workers and...
Medium: python-pip
Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Medium: python3.11-pip
Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
Aim security vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.19.3, which stems from an unvalidated path to the tarfile.extractall function and could lead to arbitrary file extraction and overwriting...
CVE-2025-20119
CVE-2025-20119 references describe a vulnerability in the Cisco APIC system responsible for handling system file permissions. The root cause is a race condition during system-file operations, which an authenticated, local attacker with valid administrative credentials could exploit to overwrite c...
RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.
RaspberryMatic / OCCU contains an unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java-based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allo...
Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. bsc1236560 Patch Instructions: To install this SUSE update use the SUSE...
CVE-2025-26354
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua copy endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...
CVE-2025-26349
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests...
Q-Free MAXTIME Suite security vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to overwrite sensitive files via a specially crafted HTTP request...
Dell PowerProtect Data Domain security vulnerability
DELL PowerProtect DD is a family of data protection storage appliances from Dell, built on the Data Domain platform and designed for enterprise-level users. The DELL PowerProtect DD suffers from a path traversal vulnerability that can be exploited by an attacker to illegally overwrite operating...
Contec Health CMS8000 Patient Monitor security vulnerability
Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor. An attacker could exploit the vulnerability to upload and overwrite files on the device...
CVE-2024-45672
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a denial of service...
PT-2025-49806
Name of the Vulnerable Software and Affected Versions: Robocode version 1.9.3.6. Description: An insecure temporary file creation issue exists in the AutoExtract component. The createTempFile method does not securely create temporary files, potentially allowing attackers to exploit race conditions...
The vulnerability in the Nix package manager on Unix operating systems arises from improper limitation of a pathname to a restricted directory. This allows a malicious user to overwrite any file on the system.
The vulnerability in the Nix package manager on Unix operating systems is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a remote attacker to overwrite any file on the system...