704 matches found
CVE-2022-22262
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...
VulnCheck KEV: CVE-2020-14864
Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...
CVE-2021-45442
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security on prem only could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the...
CVE-2021-44024
A link following denial-of-service vulnerability in Trend Micro Apex One on-prem and SaaS and Trend Micro Worry-Free Business Security 10.0 SP1 and Services could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability t...
Unspecified Vulnerability in Huawei HarmonyOS (CNVD-2022-13181)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS 2.0, which stems from a samba server boundary overflow vulnerability in the system file management module...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS 2.0, which stems from a samba server boundary overflow vulnerability in the system file management module...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from a samba server boundary overflow vulnerability in the system file management module. An...
Input validation
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission...
CVE-2021-44162
CVE-2021-44162 affects Chain Sea AI chatbot system. The root cause is a path traversal vulnerability in the file download function caused by improper filtering of special URL parameters, allowing an unauthenticated remote attacker to download arbitrary system files. Per the sources, this is a net...
Listary 安全漏洞
Listary is a revolutionary Windows search utility that allows regular and advanced users to quickly find files and launch applications. a security vulnerability exists in Listary, where if a user tries to access files on the system from Listary itself when Listary is configured as an administrato...
Vulnerability fixed in WIBU Codemeter Runtime
WIBU Systems has fixed a vulnerability in WIBU Codemeter Runtime. A local, authenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause, or manipulate data. The vulnerability can be exploited by creating a symbolic link using...
CVE-2021-42025
A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...
CodeMeter 后置链接漏洞
PSSRCAPE is a transmission and distribution network protection simulation software. pssRE i is a power system simulation and analysis tool for transmission operation and planning. pssRODMS i is a transmission network modeling and analysis tool. sicam 230 is a scalable process control system for a...
CVE-2021-37127
There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product version...
Design/Logic Flaw
There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product version...
CVE-2021-37127
CVE-2021-37127 corresponds to a signature management vulnerability in Huawei iManager NetEco products. The issue allows forging a signature to bypass signature checks during firmware updates, potentially causing a forged system file to overwrite the legitimate one. Affected versions include iMana...
CVE-2021-0683
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Photoshop. A local malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or gain access to system files. Adobe has released updates to fix the vulnerabilities in Photoshop 2020 and 2021. For more information,...
CVE-2021-32463
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service SaaS, Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected...
XML External Entitty (XXE)
silverstripe/framework is vulnerable to XML external entity XXE attacks. The loading of external entities and DTDs are not disabled and allows an attacker to perform server-side request forgery SSRF attacks or retrieve confidential system files via a malicious XML document...