
1458 matches found

OSV
added 2021/10/19 8:14 p.m., 15 views

GHSA-WJW6-2CQR-J4QR Client metadata path-traversal

Impact: In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs because the rolename is used to form the filename, and may contain pat...

7.5 CVSS, 7.4 AI score, 0.00644 EPSS
Exploits: 0, References: 6

Prion
added 2021/09/30 7:15 p.m., 10 views

Directory traversal

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter...

4 CVSS, 6.2 AI score, 0.0028 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2021/09/30 6:48 p.m., 32 views

CVE-2021-41323

CVE-2021-41323 concerns a directory traversal in the Compress feature of Pydio Cells 2.2.9. The issue allows remote authenticated users to overwrite personal files or others’ files via the format parameter. The vulnerability is documented with CVSS metrics (base score 6.5 CVSS-3.1; 4.0 CVSS-2.0) ...

6.5 CVSS, 6.2 AI score, 0.0028 EPSS
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2021/09/30 12:0 a.m., 3 views

Abstrium Pydio Cells path traversal vulnerability

Abstrium Pydio Cells is a next-generation file sharing platform developed in the Go language by Abstrium France. A path traversal vulnerability exists in Pydio Cells 2.2.9, which allows a remote authenticated user to overwrite personal files or Cells files belonging to any user via the format...

6.5 CVSS, 6.6 AI score, 0.0028 EPSS
Exploits: 0, References: 4

Prion
added 2021/09/23 3:15 a.m., 15 views

Improper access control

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...

6.6 CVSS, 6.7 AI score, 0.00048 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2021/09/17 3:15 p.m., 3 views

CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.1 CVSS, 5.9 AI score
Exploits: 0, References: 3

NVD
added 2021/09/08 2:15 p.m., 14 views

CVE-2021-30738

A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization...

5.5 CVSS, 0.0006 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/09/08 12:0 a.m., 3 views

Cisco IOS XR data forgery vulnerability

Cisco IOS XR is an operating system developed by Cisco for its network devices. A data forgery vulnerability exists in Cisco IOS XR Software that could allow an authenticated, remote attacker to overwrite and read files on an arbitrary local device...

6.9 CVSS, 6.7 AI score, 0.00024 EPSS
Exploits: 0, References: 8

CNNVD
added 2021/08/12 12:0 a.m., 1 views

KiteCMS path traversal vulnerability

KiteCMS is a website CMS. A security vulnerability exists in KiteCMS 1.1.1, the source of which allows remote attackers to overwrite arbitrary files...

6.5 CVSS, 6.7 AI score, 0.00593 EPSS
Exploits: 1, References: 2

OSV
added 2021/07/22 5:15 a.m., 1 views

CVE-2021-1092

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

Rosalinux
added 2021/07/02 4:39 p.m., 35 views

Advisory ROSA-SA-2021-1828

Software: emacs 24.3. OS: Cobalt 7.9. CVE-ID: CVE-2014-3421. CVE-Crit: CRITICAL. CVE-DESC: lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default. CVE-REV: defaul...

8.8 CVSS, 8.2 AI score, 0.03601 EPSS
Exploits: 1

Debian CVE
added 2021/06/30 12:12 a.m., 2 views

CVE-2021-35958

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives...

9.1 CVSS, 7 AI score, 0.01093 EPSS
Exploits: 0

Positive Technologies
added 2021/06/30 12:0 a.m., 3 views

PT-2021-21079 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.1. Description: The issue allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. It's noted that the vendor's position is that...

9.1 CVSS, 7.3 AI score, 0.01093 EPSS
Exploits: 0, References: 11

OSV
added 2021/06/24 7:15 p.m., 2 views

CVE-2020-4945

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945...

8.1 CVSS, 7.1 AI score, 0.00122 EPSS
Exploits: 0, References: 3

Prion
added 2021/06/24 7:15 p.m., 13 views

Input validation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945...

5.5 CVSS, 7.6 AI score, 0.00122 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2021/06/11 4:15 a.m., 13 views

Path traversal

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

6.4 CVSS, 8.8 AI score, 0.00484 EPSS
Exploits: 0, References: 1, Affected Software: 1

NCSC
added 2021/06/02 12:0 a.m., 2 views

Vulnerability fixed in WhatsApp

A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. Few substantive details of the vulnerability have been made publicly...

9.1 CVSS, 6.8 AI score, 0.00484 EPSS
Exploits: 0

Positive Technologies
added 2021/05/27 12:0 a.m., 3 views

PT-2021-3400 · Unknown · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.2.x prior to 5.2.15; Spring Framework versions 5.3.x prior to 5.3.7. Description: The issue is caused by privilege management errors in the Spring Framework platform. Exploitation of this issue may allow an attacker ...

7.8 CVSS, 6.6 AI score, 0.00253 EPSS
Exploits: 0, References: 22

OSV
added 2021/05/06 1:15 p.m., 1 views

DEBIAN-CVE-2020-28007

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory owned by a non-root user, a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem...

7.8 CVSS, 7.7 AI score, 0.00084 EPSS
Exploits: 3, References: 1

OSV
added 2021/04/29 6:15 p.m., 3 views

CVE-2021-1256

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files...

6 CVSS, 6.4 AI score, 0.00028 EPSS
Exploits: 0, References: 2