176 matches found

CNVD
added 2024/01/11 12:00 a.m. · 6 views

GTKWave out-of-bounds write vulnerability (CNVD-2024-04854)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An out-of-bounds write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted .lxt2 file...

CVSS 7.8 · AI score 7.4 · EPSS 0.00432
Exploits: 1 · References: 1

Vulnrichment
added 2024/01/08 2:47 p.m. · 2 views

CVE-2023-37282

An out-of-bounds write vulnerability exists in the VZT LZMARead dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

CVSS 7.8 · AI score 7.8 · EPSS 0.00432
Exploits: 1 · References: 2

Vulnrichment
added 2024/01/08 2:47 p.m. · 1 view

CVE-2023-39234

Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdprocessblock autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns...

CVSS 7.8 · AI score 8.3 · EPSS 0.00432
Exploits: 1 · References: 2

Positive Technologies
added 2023/12/15 12:00 a.m. · 3 views

PT-2023-31629 · Mindsdb · Mindsdb

Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 23.11.4.1
Description: The issue concerns a path injection vulnerability in the put method of mindsdb/mindsdb/api/http/namespaces/file.py. This vulnerability allows arbitrary file contents to be written due to the la...

CVSS 9.1 · AI score 9.2 · EPSS 0.00992
Exploits: 1 · References: 11

BDU FSTEC
added 2023/10/20 12:00 a.m. · 1 view

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in the improper restriction on the path name to the restricted directory. This allows attackers to write files to any location within the file system.

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in improper restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write files to any location within the file system...

CVSS 6.5 · AI score 6.5 · EPSS 0.01481
Exploits: 2 · References: 4 · Affected Software: 2

BDU FSTEC
added 2023/10/17 12:00 a.m. · 3 views

The vulnerability of the Suricata intrusion detection and prevention system arises from an improper limitation of a pathname to a restricted directory. This allows attackers to write arbitrary files to the file system.

The vulnerability of the Suricata intrusion detection and prevention system lies in the incorrect restriction of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the file system...

CVSS 7.8 · AI score 7.2 · EPSS 0.01105
Exploits: 0 · References: 8 · Affected Software: 3

BDU FSTEC
added 2023/09/11 12:00 a.m. · 1 view

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of authentication for a critical function, allowing attackers to write arbitrary files into the file system.

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to write arbitrary files to the file system...

CVSS 7.8 · AI score 7.3 · EPSS 0.00431
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/08/03 6:15 p.m. · 2 views

CVE-2023-35081

A path traversal vulnerability in Ivanti EPMM versions 11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance...

CVSS 7.2 · AI score 5.9 · EPSS 0.63316
Exploits: 0 · References: 2

Cvelist
added 2023/08/03 5:00 p.m. · 29 views

CVE-2023-35081

A path traversal vulnerability in Ivanti EPMM versions 11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance...

CVSS 7.2 · AI score 7 · EPSS 0.63316
Exploits: 0 · References: 1

CNNVD
added 2023/08/03 12:00 a.m. · 3 views

Ivanti EPMM Path Traversal Vulnerability

Ivanti EPMM is a mobile management software engine from Ivanti Corporation. A path traversal vulnerability exists in Ivanti EPMM versions prior to 11.10.0.3, prior to 11.9.1.2, and prior to 11.8.1.2, which could allow an authenticated administrator to write arbitrary files to the device...

CVSS 7.2 · AI score 6.8 · EPSS 0.63316
Exploits: 0 · References: 2

CNNVD
added 2023/06/26 12:00 a.m. · 14 views

Trend Micro Apex One Security Vulnerability

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to specific entries on an affected installation...

CVSS 7.8 · AI score 7 · EPSS 0.00234
Exploits: 0 · References: 3

Prion
added 2023/06/25 3:15 a.m. · 14 views

Directory traversal

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

CVSS 5 · AI score 7.5 · EPSS 0.0079
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2023/06/13 12:00 a.m. · 3 views

Synology DiskStation Manager Code Issue Vulnerability

Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology, a Chinese company. This operating system manages information such as data, files, photos, music, and more. A code issue vulnerability previously existed in Synology DiskStation Manager...

CVSS 8.1 · AI score 8.1 · EPSS 0.00916
Exploits: 0 · References: 3

Vulnrichment
added 2023/06/06 4:23 p.m. · 7 views

CVE-2023-32203 Horner Automation Cscape Out-of-bounds Write

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 · AI score 7.6 · EPSS 0.00227
Exploits: 0 · References: 1

Prion
added 2023/03/29 7:15 p.m. · 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs...

CVSS 4.4 · AI score 7.8 · EPSS 0.00728
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2023/03/28 12:00 a.m. · 3 views

The vulnerability of the RAID Agent component of the Hitachi Ops Center Analyzer software, which allows a hacker to read and write arbitrary files.

The vulnerability of the RAID Agent component of the Hitachi Ops Center Analyzer software for data analysis and processing is related to incorrect default permissions. Exploiting this vulnerability could allow attackers to read and write arbitrary files...

CVSS 7.3 · AI score 7.3 · EPSS 0.00154
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/02/27 8:15 p.m. · 2 views

CVE-2022-22582

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files...

CVSS 5.5 · AI score 5.8 · EPSS 0.17577
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:58 a.m. · 2 views

SUSE CVE-2010-2783

IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services...

CVSS 9.1 · AI score 7.1 · EPSS 0.01938
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:43 a.m. · 2 views

SUSE CVE-2012-5376

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112...

CVSS 9.6 · AI score 8.4 · EPSS 0.02142
Exploits: 0 · References: 3

OSV
added 2023/02/07 10:15 a.m. · 2 views

CVE-2023-23696

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to write arbitrary files to the system...

CVSS 7.8 · AI score 5.9 · EPSS 0.00463
Exploits: 0 · References: 1