Paessler PRTG Network Monitor Command Injection Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A command injection vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from command line parameter injection and undocumented debug feature flag...

SUSE CVE-2017-0359

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...

SUSE CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

SUSE CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

CVE-2022-31004 Potential secrets being logged to disk in CVE Services

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...

Virtuozzo Hybrid Infrastructure 4.6 Update 1

This update provides new features, as well as bug fixes and improvements. Vulnerability id: VSTOR-45315 The MDS service may be unstable under a high load condition. Vulnerability id: VSTOR-43126 A deadlock is possible between atomic and non-atomic commands in the iSCSI kernel module. Vulnerabilit...

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

chromium-browser: Insufficient data validation in loader

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

DEBIAN-CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

UBUNTU-CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

Code injection

FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

CVE-2019-5601

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding...

DEBIAN-CVE-2017-0359

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...

CVE-2017-0359

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...

Kimai v0.9.2 'db_restore.php' SQL Injection Vulnerability

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 "Kimai v0.9.2 'dbrestore.php' SQL Injection", 'Description' = %q This module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'dbrestore.php' file allows unauthenticated users to execute...

Amazon Linux AMI : kernel (ALAS-2012-34)

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume. C Tenable Network Security, Inc. The descriptive text a...

CVE-2011-4127

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume...