Lucene search
+L

231 matches found

Cloud Foundry
Cloud Foundry
added 2022/05/23 12:0 a.m.39 views

USN-5378-1: Gzip vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker...

8.8CVSS9.1AI score0.04271EPSS
Exploits0Affected Software3
OSV
OSV
added 2022/05/17 5:17 a.m.9 views

GHSA-6GX4-29V9-G9Q5 MoinMoin Multiple vulnerable to directory traversal

Multiple directory traversal vulnerabilities in the 1 twikidraw action/twikidraw.py and 2 anywikidraw action/anywikidraw.py actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged wi...

5.3CVSS7.1AI score0.18563EPSS
Exploits2References12
OSV
OSV
added 2022/04/13 12:45 p.m.3 views

USN-5378-2 xz-utils vulnerability

Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files...

8.8CVSS6.9AI score0.04271EPSS
Exploits0References2
OSV
OSV
added 2022/04/13 12:37 p.m.2 views

USN-5378-1 gzip vulnerability

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files...

8.8CVSS6.9AI score0.04271EPSS
Exploits0References2
OSV
OSV
added 2022/02/26 5:15 a.m.6 views

CVE-2022-25359

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files...

9.1CVSS5.8AI score0.37295EPSS
Exploits5References2
BDU FSTEC
BDU FSTEC
added 2021/06/25 12:0 a.m.8 views

The vulnerability of IBM DB2 database management systems, including IBM DB2 Connect, stems from privilege management errors, allowing attackers to overwrite arbitrary files.

The vulnerability of IBM DB2 database management systems and IBM DB2 Connect is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to re-record arbitrary files remotely...

6.8CVSS7AI score0.0104EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/04/22 12:25 a.m.25 views

CVE-2021-29465 Remote file overwrite on discord-recon can result in DoS and Remote Code Execution

Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files ...

8.3CVSS10AI score0.01958EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/25 12:0 a.m.8 views

Unspecified Vulnerability in MikroTik RouterOS

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in MikroTik RouterOS version 6.47.9 that allows remote authenticated ftp users to...

8.5CVSS6.6AI score0.04494EPSS
Exploits1References1
OSV
OSV
added 2021/01/21 5:15 p.m.24 views

CVE-2020-8570

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...

9.1CVSS6.8AI score
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/12/23 12:0 a.m.7 views

The vulnerability of the REST API implementation of the network management system’s data center management module allows a attacker to re-record any files on the device.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to errors in processing input data. Exploiting this vulnerability allows an attacker to re-record any files on the device remotely...

5.5CVSS6.2AI score0.00969EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/12/15 2:37 p.m.5 views

curl: Incorrect argument check can allow remote servers to overwrite local files

A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is...

7.8CVSS7.1AI score0.01236EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2020/11/05 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-2456)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01236EPSS
Exploits1References2
OSV
OSV
added 2020/10/27 9:15 p.m.6 views

CVE-2020-9782

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files...

7.5CVSS6.3AI score0.01241EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/09/11 12:0 a.m.9 views

The vulnerability of Cisco Enterprise NFV Infrastructure Software (NFVIS) relates to incorrect path name restrictions for access-limited directories, allowing a perpetrator to re-record arbitrary files in the operating system of the vulnerable device.

The vulnerability of Cisco Enterprise NFV Infrastructure Software NFVIS is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to re-record any files in the operating system of the vulnerable device remotely...

4.3CVSS6.6AI score0.01612EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/06/18 12:0 a.m.4 views

Cisco UCS Director Path Traversal Vulnerability (CNVD-2020-34295)

Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS from Cisco. A path traversal vulnerability exists in the orchestration task in Cisco UCS Director Releases prior to 6.7.4.0, where the program fails to adequately validate user-submitted input. A...

8.5CVSS6.9AI score0.01982EPSS
Exploits0References1
OSV
OSV
added 2020/01/27 9:15 a.m.8 views

CVE-2018-12476

Relative Path Traversal vulnerability in obs-service-tarscm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise...

7.5CVSS5.8AI score0.01026EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/26 12:0 a.m.5 views

Cisco SD-WAN Solution Remote File Overwrite Vulnerability

Cisco vBond Orchestrator Software are products of Cisco. vBond Orchestrator Software is a set of security network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network extension solutions running on it. A remote file overwrite...

10CVSS9.3AI score0.03046EPSS
Exploits0References1
EUVD
EUVD
added 2018/06/07 1:0 p.m.4 views

EUVD-2018-4007

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name...

7.5CVSS7.8AI score0.07343EPSS
Exploits1References16
OSV
OSV
added 2018/01/23 1:29 a.m.4 views

CVE-2017-16605

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

6.5CVSS5.9AI score0.02436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/01/23 1:29 a.m.4 views

CVE-2017-16601

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

6.5CVSS6AI score0.02264EPSS
Exploits0References2
Rows per page
Query Builder