CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

net-snmp: NULL Pointer Exception when handling ipDefaultTTL

A vulnerability was found in Net-SNMP. This issue occurs because the handleipDefaultTTL function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker who has to write access to cause the instance to crash via a crafted UDP packet,...

SUSE CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

SUSE CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...

SUSE CVE-2014-9447

Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

SUSE CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path...

SUSE CVE-2015-1038

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive...

SUSE CVE-2015-1194

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive...

SUSE CVE-2015-1196

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file...

SUSE CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. dot dot in a diff file name...

SUSE CVE-2015-7662

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

SUSE CVE-2015-8860

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...

SUSE CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations...

SUSE CVE-2018-6062

Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

SUSE CVE-2018-19623

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values...

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet resulting in Denial of Service.

...

ALPINE-CVE-2022-44792

handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

CVE-2021-30028

SOOTEWAY Wi-Fi Range Extender v1.5 is affected by an authorization issue caused by default admin credentials for the TELNET service, enabling remote erasure/reading/writing of firmware. Impact: unauthorized firmware access and modification. Root cause: use of default admin password for TELNET. Af...

Input validation

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files...