Lucene search

1458 matches found

Tenable Nessus
added 2020/11/27 12:0 a.m., 53 views

Drupal 7.x < 7.75 / 8.x < 8.8.12 / 8.9.x < 8.9.10 / 9.0.x < 9.0.9 Multiple Vulnerabilities (SA-CORE-2020-013)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.75, 8.x prior to 8.8.12, 8.9.x prior to 8.9.10, or 9.0.x prior to 9.0.9. It is, therefore, affected by multiple vulnerabilities: - ArchiveTar through 1.4.10 allows an unserialization...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.93364
Exploits: 5 | References: 8
NVD
added 2020/11/18 6:15 p.m., 13 views

CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 1
OSV
added 2020/11/18 6:15 p.m., 2 views

CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00215
Exploits: 0 | References: 1
Cvelist
added 2020/11/18 5:40 p.m., 13 views

CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVSS: 4.9 | AI score: 6.4 | EPSS: 0.00215
Exploits: 0 | References: 1
CVE
added 2020/11/18 5:40 p.m., 46 views

CVE-2020-26078

The CVE-2020-26078 issue affects Cisco IoT Field Network Director (FND). Affected products: FND versions prior to 4.6.1. Root cause: insufficient file system protections allowing an authenticated, remote attacker to overwrite files via crafted API requests. Impact: potential file overwrites on th...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2020/11/18 5:40 p.m., 8 views

CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVSS: 4.9 | AI score: 6.8 | EPSS: 0.00215
Exploits: 0 | References: 1
Prion
added 2020/11/06 2:15 a.m., 16 views

Code injection

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

CVSS: 4.6 | AI score: 7.7 | EPSS: 0.00153
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 2020/11/06 1:40 a.m., 29 views

CVE-2020-15708

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.00153
Exploits: 0
Veracode
added 2020/11/05 3:9 a.m., 20 views

Path Traversal

file-roller is vulnerable to path traversal. An attacker is able to overwrite arbitrary files during archive extraction using ../ characters in a filename in a TAR archive...

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.01789
Exploits: 1 | References: 11 | Affected Software: 1
OpenVAS
added 2020/11/04 12:0 a.m., 28 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-2376)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.0096
Exploits: 0 | References: 2
CNVD
added 2020/10/28 12:0 a.m., 1 views

Apple macOS Catalina Arbitrary File Overwrite Vulnerability

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Catalina versions prior to 10.15.2, which stems from a parsing issue when handling directory paths. An attacker can exploit the vulnerability to...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00487
Exploits: 0 | References: 1
NVD
added 2020/10/27 9:15 p.m., 12 views

CVE-2020-9782

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00487
Exploits: 0 | References: 1
Cvelist
added 2020/10/27 8:42 p.m., 19 views

CVE-2020-9782

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files...

AI score: 6.7 | EPSS: 0.00487
Exploits: 0 | References: 1
OSV
added 2020/10/22 6:15 p.m., 3 views

CVE-2020-3915

A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00058
Exploits: 0 | References: 1
OSV
added 2020/10/16 11:15 p.m., 1 views

CVE-2020-16877

An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. To exploit this vulnerability, an attacker...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00378
Exploits: 0 | References: 1
CNVD
added 2020/10/11 12:0 a.m., 10 views

TYPO3 Input Validation Error Vulnerability (CNVD-2021-26151)

TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. An input validation error vulnerability exists in TYPO3 that originates from a network system or product that does not properly validate incoming data. A remote attacker could exploit the...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.00341
Exploits: 1 | References: 1
OSV
added 2020/10/08 5:15 a.m., 0 views

CVE-2020-3597

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00642
Exploits: 0 | References: 1
OSV
added 2020/09/30 6:15 p.m., 1 views

CVE-2020-21522

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend, the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00587
Exploits: 1 | References: 1
Cvelist
added 2020/09/30 2:26 p.m., 12 views

CVE-2020-21522

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend, the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system...

AI score: 9.4 | EPSS: 0.00587
Exploits: 1 | References: 1
OpenVAS
added 2020/09/29 12:0 a.m., 18 views

Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-2123)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00295
Exploits: 1 | References: 2