996 matches found
DEBIAN-CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
PYSEC-2021-6
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
UBUNTU-CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...
CVE-2020-13924
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files...
SUSE SLED15 / SLES15 Security Update : s390-tools (SUSE-SU-2021:0777-1)
This update for s390-tools fixes the following issues: Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. CVE-2021-25316: Do not use predictable temporary file names bsc1182777. Made the...
SUSE SLES12 Security Update : s390-tools (SUSE-SU-2021:0776-1)
This update for s390-tools fixes the following issues: Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. CVE-2021-25316: Do not use predictable temporary file names bsc1182777. Made the...
SUSE-SU-2021:0777-1 Security update for s390-tools
This update for s390-tools fixes the following issues: - Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. - CVE-2021-25316: Do not use predictable temporary file names bsc1182777. - Mad...
SUSE-SU-2021:0776-1 Security update for s390-tools
This update for s390-tools fixes the following issues: - Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. - CVE-2021-25316: Do not use predictable temporary file names bsc1182777. - Mad...
ZendTo Cross-Site Scripting Vulnerability
ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. A cross-site scripting vulnerability exists in versions prior to ZendTo 6.06-4 Beta during the display of drop-down menus with file names containing unexpect...
NetApp Clustered Data ONTAP Information Disclosure Vulnerability (CNVD-2021-12093)
NetApp Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. An information disclosure vulnerability exists in NetApp Clustered Data ONTAP versions prior to 9.3P20, 9.5P15. An attacker could exploit this vulnerability to discover other storage virtual machines SVM...
The vulnerability of the Cisco Webex Teams collaboration software, related to errors in processing images of various symbols, allows a hacker to manipulate the names of files in the messaging interface.
The vulnerability of the Cisco Webex Teams collaboration software is related to errors in processing images of various symbols. Exploiting this vulnerability allows a malicious actor to remotely manipulate the names of files in the messaging interface...
CVE-2021-1242
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file withi...
Design/Logic Flaw
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file withi...
NewStart CGSL CORE 5.04 / MAIN 5.04 : lftp Vulnerability (NS-SA-2020-0068)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has lftp packages installed that are affected by a vulnerability: - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local...
NewStart CGSL CORE 5.05 / MAIN 5.05 : lftp Vulnerability (NS-SA-2020-0103)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has lftp packages installed that are affected by a vulnerability: - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local...
Escalation Of Privilege
generate_doxygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
SUSE-SU-2020:3231-1 Security update for yast2-multipath
This update for yast2-multipath to version 3.2.2 fixes the following issues: - CVE-2018-17955: Use random file name instead of static names bsc1117592...
USN-4611-1 samba vulnerabilities
Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. CVE-2020-14318 Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use th...