1452 matches found
CVE-2024-1142
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
PT-2024-21009 · Delta Electronics · Diaenergie
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A path traversal attack is possible, allowing writes outside of the intended directory and potentially accessing sensitive information. If a file name i...
Sonatype IQ Server Security Vulnerability
Sonatype IQ Server is an open source governance and policy management tool from Sonatype USA. It is used to provide compliance metadata for open source components stored in the Nexus repository. A security vulnerability exists in Sonatype IQ Server versions 143 through 170, which stems from the...
Path traversal
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
Apple macOS Monterey Security Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.7.4, which stems from an application that may be able to overwrite arbitrary files...
CVE-2024-1142 Sonatype IQ Server - Path Traversal
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
PT-2024-16978 · Sonatype · Sonatype Iq Server
Name of the Vulnerable Software and Affected Versions: Sonatype IQ Server versions 143 through 170 Description: The issue allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Recommendations: For Sonatype IQ Server versions 143 through 170, update to...
RHEL 8 : python-pip (RHSA-2024:0587)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0587 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package...
RHEL 8 : python-pip (RHSA-2024:0374)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0374 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-2663)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote...
CVE-2023-23433
Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file...
CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...
Dell DM5500 Path Traversal Vulnerability
The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from a path traversal vulnerability that stems from a failure to properly filter special elements in the path of a...
Fuji Electric Tellus Lite V-Simulator Improper Access Control Vulnerability
Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments developed by Fuji Electric Japan, which is mainly used to collect real-time data from PLCs (Programmable Logic Controllers), temperature controllers, inverters, and other devices. Fuji Electric Tellus...
CVE-2023-29069
A maliciously crafted DLL file can be forced to install onto a non-default location, and an attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability...
CVE-2023-5299
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system...
CVE-2023-5299 Fuji Electric Tellus Lite V-Simulator Improper Access Control
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system...
Race condition
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition...
PT-2023-7204 · Nessus · Nessus
Name of the Vulnerable Software and Affected Versions: Nessus affected versions not specified Description: The issue is related to an arbitrary file write vulnerability. An authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...