18 matches found
ROS-20251020-01
Vulnerability in open source external resource management software Terraform is associated with an incorrect restriction on the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to download arbitrary files...
The vulnerability in Starlette, a set of tools for creating asynchronous web services in Python, lies in the improper restriction of a pathname to a restricted directory. This allows attackers to gain access to confidential information.
The vulnerability in Starlette, a set of tools for creating asynchronous web services in Python, is related to improper restriction of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
PT-2024-9227 · 2N · 2N Access Commander
Name of the Vulnerable Software and Affected Versions: 2N Access Commander versions 3.1.1.2 and prior Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation of this issue may allow a remote attacker to execute arbitrary code. This can be...
The vulnerability of the rspamd_maps() function in mailcow:dockerized, a Docker-based email server deployment and management tool, allows an attacker to execute arbitrary code.
The vulnerability of the rspamd_maps() function in mailcow:dockerized, a Docker-based email server deployment and management tool, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
PT-2024-5048 · Unknown · DeepJavaLibrary
Name of the Vulnerable Software and Affected Versions: DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0 Description: The issue is related to the incorrect restriction of the directory path name with limited access. This can allow a remote attacker to overwrite system files. The estimated number o...
PT-2024-4728 · ООО 'Кейсистемс' · Сервис оправдательных документов
Name of the Vulnerable Software and Affected Versions: Сервис оправдательных документов affected versions not specified Description: The issue is related to incorrect restriction of directory path names. It may allow a remote attacker to gain read and write access to local files. Recommendations:...
PT-2024-4720 · Microsoft · .NET Core
Name of the Vulnerable Software and Affected Versions: .NET Core, affected versions not specified Description: The issue is related to an incorrect restriction of directory path names in the .NET Core software component "Сервис обновлений". This could allow a remote attacker to gain read...
PT-2024-3202 · Microsoft · Defender for IoT
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation of this issue may allow a remote attacker to execute arbitrary code...
The vulnerability of the APC Easy UPS Online Monitoring Software lies in the incorrect limitation of the path to the restricted directory. This allows a hacker to delete any files they desire.
The vulnerability of the APC Easy UPS Online Monitoring Software relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to delete arbitrary files...
PT-2023-7439 · Delta Electronics · InfraSuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtai...
The vulnerability in Argo CD, a declarative GitOps delivery tool for Kubernetes, is related to deficiencies in pathname restrictions for directories and allows attackers to gain unauthorized access to protected information.
The vulnerability in Argo CD, a GitOps continuous delivery tool for Kubernetes, is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
PT-2023-7454 · Aruba · Aruba EdgeConnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: The issue is related to vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These vulnerabilities allow remote authenticated use...
PT-2022-2849 · Cisco · Cisco IOx +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operati...
PT-2022-2299 · Cisco · Cisco IOx +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of the directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execut...
PT-2022-2300 · Cisco · Cisco IOx +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of a directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execute...
PT-2021-2764
Name of the Vulnerable Software and Affected Versions: SonicWall Email Security version 10.0.9.x Description: The issue is related to incorrect restriction of a directory path with limited access. This allows a remote attacker to gain unauthorized access to protected information. Specifically, it...
The vulnerability in the NGINX Controller Agent monitoring and management platform, related to deficiencies in path name restriction, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the NGINX Controller Agent monitoring and management platform is related to deficiencies in path name restriction for the directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected...
PT-2019-2819 · McAfee · McAfee Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: McAfee Enterprise Security Manager versions prior to 11.2.0; McAfee Enterprise Security Manager versions prior to 10.4.0 Description: The issue allows an authenticated user to execute arbitrary code via specially crafted parameters. This is du...