
77 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in rsync

A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...

CVSS 7.4 | AI score 7.3 | EPSS 0.00923
Exploits 1 | References 2
EUVD
added 2026/04/27 11:24 p.m. | 1 views

EUVD-2026-25944

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

CVSS 8.1 | AI score 5.7 | EPSS 0.00191
Exploits 0 | References 3
Positive Technologies
added 2026/02/19 12:00 a.m. | 1 views

PT-2026-20754

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

CVSS 8.8 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 1
Tenable Nessus
added 2026/01/20 12:00 a.m. | 1 views

MiracleLinux 8 : curl-7.61.1-14.el8 (AXSA:2021-1144:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1144:01 advisory. curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177). Tenable has extracted the preceding description block directly...

CVSS 7.8 | AI score 7.9 | EPSS 0.00019
Exploits 1 | References 2
SUSE CVE
added 2025/12/30 12:23 a.m. | 2 views

SUSE CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

CVSS 8.9 | AI score 6.9 | EPSS 0.00047
Exploits 0 | References 3
OSV
added 2025/12/24 10:15 p.m. | 1 views

UBUNTU-CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

CVSS 8.9 | AI score 5.9 | EPSS 0.00047
Exploits 0 | References 6
RedhatCVE
added 2025/12/19 11:10 p.m. | 4 views

CVE-2025-68398

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...

CVSS 9.1 | AI score 6.8 | EPSS 0.00249
Exploits 0 | References 1
CVE
added 2025/12/18 11:00 p.m. | 10 views

CVE-2025-68398

Weblate is affected by a remote Git configuration overwrite vulnerability in versions prior to 5.15.1. The issue allows an attacker to overwrite Git config remotely and override behavior, with SNYK detailing an Arbitrary File Upload via GIT_SSH_COMMAND that can lead to remote code execution; Red ...

CVSS 9.1 | AI score 6.4 | EPSS 0.00249
Exploits 0 | References 6 | Affected Software 1
CNNVD
added 2025/12/18 12:00 a.m. | 1 views

Weblate code issue vulnerability

Weblate is a Copyleft open source web-based continuous localization system for free software. A code issue vulnerability exists in Weblate versions prior to 5.15.1 that stems from being able to remotely overwrite Git configuration...

CVSS 9.1 | AI score 6.7 | EPSS 0.00249
Exploits 0 | References 4
Positive Technologies
added 2025/12/18 12:00 a.m. | 2 views

PT-2025-52375

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15.1. Description: Weblate is a web-based localization tool. Versions prior to 5.15.1 allowed remote overwriting of the Git configuration, potentially overriding its behavior. This could lead to remote code execution...

CVSS 9.1 | AI score 7.8 | EPSS 0.00249
Exploits 0 | References 19
Tenable Nessus
added 2025/11/13 12:00 a.m. | 2 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2020-12062)

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

CVSS 7.5 | AI score 7.2 | EPSS 0.0096
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2010-3099

Malware in sbrugna...

CVSS 9.3 | AI score 6.4 | EPSS 0.00173
Exploits 0 | References 5
OSV
added 2025/02/12 2:15 p.m. | 0 views

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVSS 7.2 | AI score 5.8 | EPSS 0.01754
Exploits 0 | References 1
OSV
added 2024/08/01 3:15 p.m. | 9 views

CVE-2024-36492

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user...

CVSS 6.4 | AI score 6.5
Exploits 0 | References 1
CVE
added 2024/08/01 2:05 p.m. | 52 views

CVE-2024-36492

Mattermost Server CVE-2024-36492 affects versions 9.9.x ≤ 9.9.0, 9.5.x ≤ 9.5.6, 9.7.x ≤ 9.7.5, and 9.8.x ≤ 9.8.1. The vulnerability is a failure to disallow modification of local users when syncing users in shared channels, enabling a malicious remote to overwrite an existing local user. No explo...

CVSS 7.4 | AI score 6.8 | EPSS 0.00207
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2024/05/16 12:00 a.m. | 2 views

PT-2024-5048 · Unknown · Deepjavalibrary

Name of the Vulnerable Software and Affected Versions: DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0. Description: The issue is related to the incorrect restriction of the directory path name with limited access. This can allow a remote attacker to overwrite system files. The estimated number o...

CVSS 10 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 15
SUSE CVE
added 2023/02/15 6:14 a.m. | 1 views

SUSE CVE-2006-3178

Directory traversal vulnerability in extractchmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename...

CVSS 5 | AI score 7.1 | EPSS 0.02096
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 6:01 a.m. | 2 views

SUSE CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file...

CVSS 8.8 | AI score 7.1 | EPSS 0.00297
Exploits 1 | References 4
SUSE CVE
added 2023/02/15 5:58 a.m. | 1 views

SUSE CVE-2010-2452

Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors...

CVSS 9.3 | AI score 7.2 | EPSS 0.01018
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:27 a.m. | 2 views

SUSE CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

CVSS 6.4 | AI score 7.3 | EPSS 0.08774
Exploits 0 | References 4