397 matches found
PT-2024-2363 · Ivanti · Ivanti ITSM
Name of the Vulnerable Software and Affected Versions: Ivanti ITSM versions prior to 2023.4. Description: The issue is related to a file upload vulnerability, which allows an authenticated remote user to perform file writes to the server. This can lead to the execution of commands in the context ...
The vulnerability of the ColdFusion software platform, related to deficiencies in access control, allows attackers to gain access to confidential information.
The vulnerability of the ColdFusion software platform is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information—specifically, to read and write files...
GHSA-M95H-P4GG-WFW3 Allegro AI ClearML path traversal vulnerability
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...
CVE-2024-0402
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...
The vulnerability of the application server for managing Hitachi Tuning Manager storage resources allows a hacker to read and write arbitrary files.
The vulnerability of the Hitachi Tuning Manager application server for managing data storage resources is related to the default access rights settings. Exploiting this vulnerability could allow attackers to read and write certain files...
CVE-2023-6457
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: before 8.8.5-04...
Hitachi Tuning Manager Security Vulnerability
Hitachi Tuning Manager is a performance tuning and monitoring tool provided by Hitachi, Japan. A security vulnerability exists in Hitachi Tuning Manager versions prior to 8.8.5-04, which stems from incorrect default permissions that allow local users to read and write specific files...
CVE-2023-44278
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain unauthorized read and write access to the OS files stored on the server...
OpenHarmony Security Vulnerability
OpenHarmony is an open source Hongmeng operating system project. A security vulnerability exists in OpenHarmony prior to version v3.2.2, which can be exploited by an attacker to read and write arbitrary files via improper privilege saving...
Telit Cinterion BGS5 Security Vulnerability
Telit Cinterion BGS5 is a mobile communication module from Telit Communications Telit. A security vulnerability exists in the Telit Cinterion BGS5 that stems from a relative path traversal vulnerability that could allow a local, low-privilege attacker to gain read/write access to protected files ...
Telit Cinterion BGS5 Security Vulnerability
Telit Cinterion BGS5 is a mobile communication module from Telit Communications Telit. A security vulnerability exists in Telit Cinterion that originates from allowing an attacker with physical access privileges to gain read and write access to any file and directory on the target system. Affecte...
CVE-2023-43070
Dell SmartFabric Storage Software v1.4 and earlier contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability to modify or write arbitrary files to arbitrary locations in the license container...
TorchServe Server-Side Request Forgery vulnerability
Impact: Remote Server-Side Request Forgery (SSRF). Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
GHSA-7X97-J373-85X5 Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Impact: Apps that are launched as command line executables are impacted, e.g. if your app exposes itself in the path as myapp --help. Specifically, this issue can only be exploited if the following conditions are met: Your app is launched with an attacker-controlled working directory. The attacker ha...
Electron Code Injection Vulnerability
Electron is a JavaScript framework for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. Electron has a code injection vulnerability. An attacker can use...
CVE-2023-4480 Arbitrary File Read in Fusion File Manager
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...
VMware Aria Operations Path Traversal Vulnerability
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. Aria Operations for Networks contains a security vulnerability that originated from an arbitrary file write...
The administration panel of the Ivanti Sentry integrated mobile security firewall has vulnerabilities. These vulnerabilities allow an intruder to modify configurations, execute system commands, or write files to the system.
The vulnerability of the administration panel of the Ivanti Sentry integrated mobile security gateway is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify configurations, execute system commands, or write files to the syst...
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browser allows a hacker to read and write arbitrary files in the system.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to read and write arbitrary files on the system using a specially crafted HTML page...