CVE-2020-36566
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2021-4287
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the...
CVE-2021-4281
CVE-2021-4281 affects Brave UX for-the-badge. The vulnerability involves manipulation of an unknown functionality in the file .github/workflows/combine-prs.yml, leading to OS command injection. A patch is named 55b5a234c0fab935df5fb08365bc8fe9c37cf46b, with recommendations to apply the fix. Conne...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshotsync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
CVE-2022-34483
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
CVE-2022-34482
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
CVE-2022-34483
The issue is CVE-2022-34483 affecting Firefox prior to version 102. A user engaging via drag-and-drop of an image to a filesystem could have resulted in a filename containing an executable extension, potentially leading to execution of malicious code. The Astra Linux advisories corroborate that F...
CVE-2022-4641
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...
Path Traversal
plexus-utils is vulnerable to Path Traversal. An attacker can access arbitrary files and directories stored on the file system through the extractFile function in Expand.java and manipulate files with dot-dot-slash ../ sequences and variations or by using absolute file paths...
CVE-2020-36620 Brondahl EnumStringValues EnumExtensions.cs GetStringValuesWithPreferences_Uncache resource consumption
A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferencesUncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to versi...
Delta Electronics DX-3021 Command Injection Vulnerability
The Delta Electronics DX-3021 is a router from Delta Electronics China. A command injection vulnerability exists in the Delta Electronics DX-3021 prior to version 1.24, located in the web server's web diagnostics page, which could allow an...
Delta 4G Router DX-3021
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor : Delta Industrial Automation Equipment: 4G Router DX-3021 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to...
CVE-2021-4255
A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch ...
CVE-2022-4595
A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposedhosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The...
Path traversal
A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is...
Debian dla-3241 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3241 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3241-1 [email protected]...
CVE-2022-40264
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user to import a project package...
Cross site scripting
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has be...
CVE-2022-4347
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has bee...