CVE-2019-1952

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

Directory traversal

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

Cisco Adaptive Security Appliance Software Input Validation Error Vulnerability (CNVD-2020-16479)

Cisco Adaptive Security Appliances Software ASA Software is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides highly secure access to data and network resources and other features. An input validation error vulnerability exists in the smart...

EulerOS 2.0 SP8 : gimp (EulerOS-SA-2019-1761)

According to the version of the gimp package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GIMP through 2.10.2 makes ggettmpdir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by th...

CVE-2019-12571

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v0.9.8 beta build 02099 for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists,...

Design/Logic Flaw

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v0.9.8 beta build 02099 for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists,...

Design/Logic Flaw

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

EulerOS 2.0 SP5 : gimp (EulerOS-SA-2019-1675)

According to the version of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GIMP through 2.10.2 makes ggettmpdir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by t...

Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server

Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Server is affected by multiple IBM Db2 vulnerabilities that could allow local users to overwrite files owned by the Db2 instance owner, execution of arbitrary code on the system, or an elevation of privileges. UPDATED 1/16/2019:...

CVE-2019-12779

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...

CVE-2019-12779

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...

pulp: Improper path parsing leads to overwriting of iso repositories

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

Input Validation

RubyGems is vulnerable to input validation errors. A remote, unauthenticated attacker could create a specially crafted RubyGem that, when installed by the target user, will allow the attacker to overwrite arbitrary files on the target system...

pulp: Improper path parsing leads to overwriting of iso repositories

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

Directory Traversal

Apache Karaf is vulnerable to directory traversal. The vulnerability exists as it does not prevent the use of relative path in the installation of the config service or MBean, allowing an attacker to overwrite existing files...

CVE-2019-6616

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode...

CVE-2019-1725

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...

CVE-2018-17955

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection...

openSUSE: Security Advisory for supportutils (openSUSE-SU-2019:0293-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Code injection

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...