Lucene search
K

164 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.1 views

SUSE CVE-2017-7500

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...

7.3CVSS8.3AI score0.00415EPSS
Exploits0References47
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.3 views

SUSE CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

7.8CVSS9AI score0.00516EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.6 views

SUSE CVE-2021-39135

@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

8.1CVSS8.1AI score0.00553EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.3 views

SUSE CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

8.8CVSS6.8AI score0.79933EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

4CVSS6.4AI score0.00703EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.38 views

EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2023-1296)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by...

7.8CVSS6.6AI score0.01066EPSS
Exploits2References3
OSV
OSV
added 2023/01/27 10:15 p.m.2 views

CVE-2022-39812

Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request not possible using the GUI to an arbitrary directory. Because th...

7.5CVSS5.9AI score0.00961EPSS
Exploits1References1
Prion
Prion
added 2023/01/27 10:15 p.m.19 views

Path traversal

Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request not possible using the GUI to an arbitrary directory. Because th...

5CVSS7.4AI score0.00961EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2022/12/21 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:4593-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.6AI score0.01525EPSS
Exploits0References4
OSV
OSV
added 2022/12/20 3:55 p.m.8 views

SUSE-SU-2022:4593-1 Security update for cni-plugins

This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961...

7.2CVSS7.5AI score0.01525EPSS
Exploits0References3
OSV
OSV
added 2022/12/20 3:52 p.m.9 views

SUSE-SU-2022:4592-1 Security update for cni

This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961...

7.2CVSS7.4AI score0.01525EPSS
Exploits0References3
Prion
Prion
added 2022/11/29 9:15 p.m.14 views

Directory traversal

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...

4CVSS5.4AI score0.02484EPSS
Exploits1References4Affected Software1
OpenVAS
OpenVAS
added 2022/11/22 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:4150-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.4AI score0.01525EPSS
Exploits0References2
OSV
OSV
added 2022/11/21 12:21 p.m.7 views

SUSE-SU-2022:4151-1 Security update for cni-plugins

This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961...

7.2CVSS6.8AI score0.02428EPSS
Exploits1References5
OSV
OSV
added 2022/11/21 12:21 p.m.8 views

SUSE-SU-2022:4150-1 Security update for cni

This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961...

7.2CVSS7.4AI score0.01525EPSS
Exploits0References3
OSV
OSV
added 2022/11/01 8:15 p.m.3 views

CVE-2022-32938

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system...

5.3CVSS5.7AI score0.00721EPSS
Exploits0References2
NVD
NVD
added 2022/11/01 8:15 p.m.21 views

CVE-2022-32938

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system...

5.3CVSS0.00721EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.4 views

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS, which stems from a shortcut that may be able to check...

5.3CVSS6.9AI score0.00721EPSS
Exploits0References7
NVD
NVD
added 2022/09/13 8:15 p.m.21 views

CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

3.3CVSS0.00703EPSS
Exploits0References9
Prion
Prion
added 2022/09/13 8:15 p.m.20 views

Design/Logic Flaw

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

1.7CVSS4.8AI score0.00703EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder