
1458 matches found

Tenable Nessus
added 2020/09/28 12:0 a.m., 30 views

EulerOS 2.0 SP3 : keepalived (EulerOS-SA-2020-2123)

According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This...

CVSS 4.7, AI score 6, EPSS 0.00295
Exploits 1, References 2
Microsoft CVE
added 2020/09/25 7:0 a.m., 4 views

cp when running with an option to preserve symlinks on multiple OSes allows local user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

...

CVSS 6.9, AI score 7, EPSS 0.00092
Exploits 0
NVD
added 2020/09/23 1:15 a.m., 16 views

CVE-2020-3130

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS 6.5, EPSS 0.00104
Exploits 0, References 1
Prion
added 2020/09/23 1:15 a.m., 14 views

Input validation

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS 5.5, AI score 6.3, EPSS 0.00104
Exploits 0, References 1, Affected Software 1
CNVD
added 2020/09/23 12:0 a.m., 1 view

Mozilla Firefox Input Validation Error Vulnerability (CNVD-2020-55000)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An input validation error vulnerability exists in Mozilla Firefox. The vulnerability originates from a network system or product that does not properly validate input data. A remote attacker could...

CVSS 6.1, AI score 8.7, EPSS 0.00527
Exploits 0, References 1
CNVD
added 2020/09/10 12:0 a.m., 1 view

Microsoft OneDrive for Windows Elevation of Privilege Vulnerability (CNVD-2020-54061)

OneDrive is a file hosting service and synchronization service introduced by Microsoft as part of the Web version of Office. An elevation of privilege vulnerability exists in OneDrive for Windows. The vulnerability stems from the OneDrive for Windows desktop application not properly handling...

CVSS 7.1, AI score 7, EPSS 0.00266
Exploits 0, References 1
NVD
added 2020/09/08 10:15 a.m., 16 views

CVE-2020-11117

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018,...

CVSS 9.8, AI score 9.7, EPSS 0.03589
Exploits 1, References 2
NVD
added 2020/09/04 3:15 a.m., 9 views

CVE-2020-3478

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

CVSS 8.1, AI score 8.1, EPSS 0.00543
Exploits 0, References 1
OSV
added 2020/09/04 3:15 a.m., 2 views

CVE-2020-3365

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directo...

CVSS 6.5, AI score 6.6, EPSS 0.00321
Exploits 0, References 1
Prion
added 2020/09/04 3:15 a.m., 11 views

Authorization

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

CVSS 5.5, AI score 7.9, EPSS 0.00543
Exploits 0, References 1, Affected Software 1
Prion
added 2020/09/04 3:15 a.m., 13 views

Directory traversal

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directo...

CVSS 4, AI score 6.4, EPSS 0.00321
Exploits 0, References 1, Affected Software 1
Zero Day Initiative
added 2020/08/27 12:0 a.m., 27 views

Advantech iView NetworkServlet backupDatabase Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the backupDatabase method of the NetworkServlet class...

CVSS 9.4, AI score 2.5, EPSS 0.15931
Exploits 0, References 1
Prion
added 2020/08/26 5:15 p.m., 17 views

Input validation

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...

CVSS 4.3, AI score 6.7, EPSS 0.00285
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/08/26 4:15 p.m., 17 views

CVE-2020-3519 Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a specific REST API method of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attack...

CVSS 5.4, AI score 8, EPSS 0.00407
Exploits 0, References 1
OSV
added 2020/08/26 3:15 p.m., 1 view

CVE-2020-5912

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files...

CVSS 7.1, AI score 5.9
Exploits 0, References 1
Tenable Nessus
added 2020/08/26 12:0 a.m., 38 views

F5 Networks BIG-IP : BIG-IP restjavad vulnerability (K12936322)

The restjavad process dump command does not follow current best coding practices and may overwrite arbitrary files. CVE-2020-5912 Impact: A locally authenticated attacker may exploit this vulnerability by overwriting arbitrary files on the file system. © Tenable Network Security, Inc. The descripti...

CVSS 7.1, AI score 7.2, EPSS 0.00084
Exploits 0, References 2
RedhatCVE
added 2020/08/20 2:38 a.m., 18 views

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects...

CVSS 4.3, AI score 3, EPSS 0.00162
Exploits 0, References 4
Debian CVE
added 2020/08/10 5:43 p.m., 25 views

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects...

CVSS 5.5, AI score 4.9, EPSS 0.00162
Exploits 0
CNVD
added 2020/07/28 12:0 a.m., 2 views

Marked-tree path traversal vulnerability

Marked-tree is a Markdown viewer. A path traversal vulnerability exists in fs.readFile in the index.js file in marked-tree all versions, which stems from the program's failure to clean up paths, and can be exploited by an attacker to gain unauthorized access and overwrite or read arbitrary files...

CVSS 7.5, AI score 7.1, EPSS 0.00419
Exploits 1, References 1
BDU FSTEC
added 2020/07/03 12:0 a.m., 0 views

The vulnerability of the CLI component of Cisco Enterprise NFV Infrastructure Software allows an attacker to gain access to the basic operating system and rewrite or read any files they desire.

The vulnerability of the CLI component of Cisco Enterprise NFV Infrastructure Software exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to gain access to the underlying operating system and overwrite or read...

CVSS 7.2, EPSS 0.00046
Exploits 0, References 3, Affected Software 1