2043 matches found
PT-2022-20772 · Orchest · Orchest
Name of the Vulnerable Software and Affected Versions: orchest/orchest versions prior to 2022.05.0. Description: The issue allows absolute path traversal due to the unsafe use of Flask's `send_file` function. Recommendations: For versions prior to 2022.05.0, update to version 2022.05.0 or later to...
Harveyzyh Python Path Traversal Vulnerability
Harveyzyh Python is a personal code repository. A security vulnerability exists in GitHub's Harveyzyh/Python version 2022-05-04 and earlier, which stems from an incorrect call to Flask's `send_file` function that results in absolute path traversal...
Python-Recipe-Database Path Traversal Vulnerability
Python-Recipe-Database is a recipe storage and retrieval system built on Python and MongoDB. A path traversal vulnerability exists in Python-Recipe-Database version 2021-03-31 and earlier, which stems from an incorrect call to Flask's `send_file` function that results in absolute path traversal...
PythonWeb Path Traversal Vulnerability
PythonWeb is a code repository. A security vulnerability exists in PythonWeb version 2018-10-31 and earlier, which stems from an incorrect call to Flask's `send_file` function that results in absolute path traversal...
golem Path Traversal Vulnerability
golem is a git continuous integration, testing, and release tool by Dennis Kaarsemaker, an individual developer in the Netherlands. A security vulnerability exists in golem version 2016-05-17 and earlier, which stems from an incorrect call to Flask's `send_file` function that results in absolute pat...
ytdl-sync Path Traversal Vulnerability
The ytdl-sync repository is a web interface for YTDL by Jake Garza, an individual developer in the United States. A security vulnerability exists in ytdl-sync version 2021-01-02 and earlier, which stems from an incorrect call to Flask's `send_file` function that results in absolute path traversal...
nursequest Path Traversal Vulnerability
nursequest is a management system for nurses' tasks by Romain Vincent, an individual developer in France. A security vulnerability exists in nursequest version 2018-02-22 and earlier, which stems from an incorrect call to Flask's `send_file` function that results in absolute path traversal...
KG-fashion-chatbot Path Traversal Vulnerability
KG-fashion-chatbot is a multi-modal online shopping assistant chatbot by youzhou, an individual developer. A security vulnerability exists in KG-fashion-chatbot version 2018-05-22 and earlier, which stems from an unsafe use of Flask's `send_file` function that allows absolute path traversal...
PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS), affected versions not specified. Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...
go -- multiple vulnerabilities
The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers. On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1<<32 - 1 bytes. crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly...
USN-5390-2: Linux kernel (Raspberry Pi) vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman discovered that the netfilter subsystem in t...
CVE-2022-28792
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows an attacker to execute arbitrary code. The patch adds a proper absolute path to prevent DLL hijacking...
Spoofing
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows an attacker to execute arbitrary code. The patch adds a proper absolute path to prevent DLL hijacking...
Gear IconX PC Manager Code Issue Vulnerability
Samsung Gear IconX PC Manager is a tool from Samsung (South Korea) for transferring music files from a PC to the Gear IconX earbuds. A security vulnerability exists in Gear IconX PC Manager versions prior to 2.1.220405.51, which stems from a DLL hijacking vulnerability in Gear IconX PC Manager versions prior to...
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
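The entries above (the cluster of Flask `send_file` advisories and the Piano LED Visualizer `os.path.join` entry) all describe the same root cause: `os.path.join(base, user_input)` throws `base` away as soon as `user_input` is absolute, so the file handed to `send_file` is whatever the client asked for. The following is an added example, not code from any of the listed projects: it reproduces the vulnerable join beside a hardened resolver that rejects absolute input and verifies containment after normalisation. The base directory `/srv/app/media` and the request strings are constructed for illustration, and the example goes beyond the absolute-path case in the advisories by also catching `..` traversal and sibling-directory prefix tricks. It uses `posixpath` explicitly so the behaviour is the same on every platform; Flask users get equivalent checks from `send_from_directory`, which is backed by `werkzeug.utils.safe_join`.

```python
import posixpath

# Constructed example root; nothing in this example touches the real filesystem.
BASE_DIR = "/srv/app/media"


def naive_join(base: str, requested: str) -> str:
    """The vulnerable pattern behind the listed send_file advisories.

    posixpath.join (os.path.join on POSIX) discards every preceding component
    the moment it meets an absolute component, so an absolute `requested`
    silently replaces `base`, e.g. join("/srv/app/media", "/etc/passwd")
    returns "/etc/passwd".
    """
    return posixpath.join(base, requested)


def resolve_under(base: str, requested: str) -> str:
    """Hardened resolver: the normalised absolute path of `requested` inside
    `base`, or ValueError if the request would escape.

    Two checks, both needed: reject absolute input *before* joining (join
    would otherwise drop `base`), then compare normalised paths component-wise
    so "../../etc/shadow" and "../media2/x" are caught as well.
    """
    if not requested:
        raise ValueError("empty path")
    # Absolute POSIX path, or a backslash that a Windows host would treat as a
    # separator: refuse outright rather than trying to sanitise it.
    if requested.startswith("/") or "\\" in requested:
        raise ValueError(f"absolute or non-POSIX path rejected: {requested!r}")
    base_norm = posixpath.normpath(base)
    # normpath collapses ".." segments so the containment check sees the real target
    candidate = posixpath.normpath(posixpath.join(base_norm, requested))
    # commonpath compares whole components, so "/srv/app/media2" is NOT
    # treated as being under "/srv/app/media" (a plain startswith() would be fooled)
    if posixpath.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return candidate


def classify(requested: str, base: str = BASE_DIR) -> dict:
    """Side-by-side result for one request: what the naive join would serve,
    what the hardened resolver returns, and whether it rejected the request."""
    result = {"naive": naive_join(base, requested), "hardened": None, "rejected": False}
    try:
        result["hardened"] = resolve_under(base, requested)
    except ValueError:
        result["rejected"] = True
    return result


if __name__ == "__main__":
    # Constructed request values: one benign, one absolute, two traversal attempts,
    # and one harmless ".." that still lands inside the base directory.
    for req in ("covers/song.png", "/etc/passwd", "../../etc/shadow",
                "../media2/x", "a/../b.txt"):
        print(f"{req!r:22} -> {classify(req)}")
```

In a real handler the hardened path should additionally be passed through `os.path.realpath` before the containment check so that a symlink inside the media directory cannot point outside it; that step is omitted here so the example stays deterministic without a filesystem.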
CVE-2021-30497
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...
Path traversal
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...