2043 matches found
Denial Of Service (DoS)
libpng is vulnerable to denial of service. The vulnerability exists due to an absolute path in the export script that crashes when reading multiple zTXT chunks...
CVE-2021-20134
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...
CVE-2021-20133
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of tho...
CVE-2021-20134
The CVE-2021-20134 entry concerns Quagga services on the D-Link DIR-2640 (firmware version
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
Path traversal
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
CVE-2021-38146
CVE-2021-38146 affects Wipro Holmes Orchestrator 20.4.1. The vulnerability is an unauthenticated, absolute path traversal in the File Download API (POST /home/download, SearchString parameter) that allows reading arbitrary server files. CVSS v3.1 base score 7.5 (HIGH) with network access, low att...
10 Unknown Security Pitfalls for Python
Python developers trust their applications to have a solid security state due to the use of standard libraries and common frameworks. However, within Python, just like in any other programming language, there are certain features that can be misleading or misused by developers. Often it is only a...
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This i...
Oracle Linux 8 : nodejs:12 (ELSA-2021-3623)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3623 advisory. - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves...
CentOS 8 : nodejs:12 (CESA-2021:3623)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3623 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...
RHEL 8 : nodejs:12 (RHSA-2021:3639)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3639 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
nodejs:12 security and bug fix update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
RHEL 8 : nodejs:12 (RHSA-2021:3623)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3623 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
openSUSE 15 Security Update : fastjar (openSUSE-SU-2021:1107-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1107-1 advisory. - Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite...
SUSE SLES12 Security Update : fastjar (SUSE-SU-2021:2635-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2635-1 advisory. - Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwri...