GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files

When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...

CVE-2025-61731

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

CVE-2023-24484

A malicious user can cause log files to be written to a directory that they do not have permission to write to...

CVE-2020-3307

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

SUSE-SU-2019:0805-1 Recommended update for adcli, sssd

This update for adcli and sssd provides the following improvement: Security vulnerability fixed: - CVE-2019-3811: Fix fallbackhomedir returning '/' for empty home directories bsc1121759 Other fixes: - Add an option to disable checking for trusted domains in the subdomains provider bsc1125617 -...

VMware AirWatch Console Security Bypass Vulnerability

VMware AirWatch is a console application for the VMware AirWatch Console, a suite of enterprise mobility management solutions from VMware. A security bypass vulnerability exists in VMware AirWatch Console version 9.x prior to 9.2.0. A remote attacker could exploit the vulnerability to write...

DEBIAN-CVE-2011-0017

The openlog function in log.c in Exim 4.72 and earlier does not check the return value from 1 setuid or 2 setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack...

CVE-2002-1869

Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer...