178 matches found

RedHat Linux
added 2021/05/11 12:43 p.m. | 3 views

kernel: SCSI target (LIO) write to any block on ILO backstore

A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on t...

8.1 CVSS | 6.8 AI score | 0.06563 EPSS
Exploits 0 | References 4

OSV
added 2021/04/09 6:15 p.m. | 3 views

CVE-2021-25361

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications...

8.8 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits 0 | References 2

OSV
added 2021/03/24 8:15 p.m. | 3 views

CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

6.5 CVSS | 7 AI score | 0.02671 EPSS
Exploits 1 | References 2

CNNVD
added 2020/12/30 12:0 a.m. | 6 views

Umbraco Path Traversal Vulnerability

Umbraco is an open source content management system (CMS) based on ASP.NET technology. A path traversal vulnerability exists in Umbraco 8.9.1 and earlier versions during package installation. An attacker can use this vulnerability to write arbitrary files outside of the site home directory and...

6.5 CVSS | 5.9 AI score | 0.09369 EPSS
Exploits 4 | References 5

OSV
added 2020/12/11 3:15 a.m. | 3 views

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

8.8 CVSS | 5.9 AI score | 0.01504 EPSS
Exploits 0 | References 1

VulnCheck KEV
added 2020/11/03 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-25337

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...

7.1 CVSS | 6.4 AI score | 0.02831 EPSS
Exploits 0 | References 1

OSV
added 2020/09/16 2:15 p.m. | 6 views

CVE-2020-25412

comline in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy that may lead to arbitrary code execution...

9.8 CVSS | 7.3 AI score
Exploits 0 | References 1

EUVD
added 2020/07/22 7:17 p.m. | 3 views

EUVD-2020-30469

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...

8.8 CVSS | 8.9 AI score | 0.03482 EPSS
Exploits 0 | References 1

NVD
added 2020/06/01 5:15 p.m. | 22 views

CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

9.8 CVSS | 9.5 AI score | 0.01295 EPSS
Exploits 1 | References 1

BDU FSTEC
added 2019/10/29 12:0 a.m. | 4 views

The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.

The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...

6.8 CVSS | 5.7 AI score | 0.32367 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2019/10/03 9:15 p.m. | 5 views

CVE-2019-15766

The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8 CVSS | 7.9 AI score | 0.03126 EPSS
Exploits 1 | References 2

BDU FSTEC
added 2019/09/10 12:0 a.m. | 3 views

The vulnerability of the Cisco RoomOS operating system, related to permission handling errors, allows an intruder to write arbitrary files to the device’s file system.

The vulnerability of the Cisco RoomOS operating system is related to permission handling errors. Exploiting this vulnerability allows an attacker to write arbitrary files to the device’s file system with root privileges...

7.2 CVSS | 5.6 AI score | 0.00262 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2019/03/22 8:29 p.m. | 3 views

CVE-2019-1765

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level...

6.5 CVSS | 7 AI score | 0.01391 EPSS
Exploits 0 | References 1

CNVD
added 2019/02/21 12:0 a.m. | 1 views

Cisco HyperFlex Authorization Control Vulnerability

Cisco HyperFlex Software is a scalable, distributed file system. Cisco HyperFlex has an authorization control vulnerability in the Graphite interface, which can be exploited by a local attacker to write arbitrary data to Graphite and display invalid statistics in that interface by connecting to t...

4 CVSS | 6.8 AI score | 0.00174 EPSS
Exploits 0 | References 1

Veracode
added 2019/01/15 8:59 a.m. | 30 views

Authorization Bypass

Linux kernel-rt is vulnerable to authorization bypass. The default SCSI command filter block/scsi_ioctl.c does not accommodate commands that overlap across device classes, allowing local users to bypass intended access restrictions to write arbitrary data to a read-only LUN via an SG_IO ioctl call...

4.6 CVSS | 8.1 AI score | 0.00349 EPSS
Exploits 0 | References 12 | Affected Software 2

Cvelist
added 2018/07/20 7:0 p.m. | 16 views

CVE-2018-5059

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...

9.4 AI score | 0.08106 EPSS
Exploits 0 | References 3

Prion
added 2018/06/26 4:29 p.m. | 27 views

Directory traversal

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file...

7.5 CVSS | 9.3 AI score | 0.04499 EPSS
Exploits 1 | References 4 | Affected Software 3

Cvelist
added 2018/06/26 4:0 p.m. | 21 views

CVE-2018-1000544

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file...

9.3 AI score | 0.04499 EPSS
Exploits 1 | References 4

BDU FSTEC
added 2018/03/28 12:0 a.m. | 7 views

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to write arbitrary files and execute arbitrary code.

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the improper processing of the Opcode 10010 request. Exploiting this vulnerability allows a remote attacker to write arbitrary files and execute arbitrary code...

7.8 CVSS | 8.2 AI score | 0.12166 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2017/12/08 4:29 p.m. | 5 views

CVE-2017-15894

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the destfolderpath parameter...

6.5 CVSS | 5.9 AI score | 0.01974 EPSS
Exploits 0 | References 1