Lucene search

779 matches found

Cvelist
added 2022/12/27 9:13 p.m. · 17 views

CVE-2020-36560 Path traversal in github.com/artdarek/go-unzip

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

AI score 9.2 · EPSS 0.01249
Exploits 1 · References 4

Cvelist
added 2022/12/27 9:13 p.m. · 21 views

CVE-2018-25046 Path traversal in code.cloudfoundry.org/archiver

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

AI score 9.2 · EPSS 0.01188
Exploits 0 · References 3

Vulnrichment
added 2022/12/27 9:13 p.m. · 5 views

CVE-2018-25046 Path traversal in code.cloudfoundry.org/archiver

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

AI score 9.2 · EPSS 0.01188
Exploits 0 · References 3

OSV
added 2022/12/22 8:3 p.m. · 19 views

GHSA-6MV3-WM7J-H4W5 Tauri Filesystem Scope Glob Pattern is too Permissive

Impact: The filesystem glob pattern wildcards *, ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/*.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...

CVSS 6.8 · AI score 6.8 · EPSS 0.01006
Exploits 1 · References 6

Positive Technologies
added 2022/12/21 12:0 a.m. · 6 views

PT-2022-27935 · Roxio · Roxio Creator Ljb

Name of the Vulnerable Software and Affected Versions: Roxio Creator LJB version 12.2 build number 106B62B; Roxio Creator LJB version 12.2 build number 106B63A; Roxio Creator LJB version 12.2 build number 106B69A; Roxio Creator LJB version 12.2 build number 106B71A; Roxio Creator LJB version 12.2 bui...

CVSS 6.7 · AI score 6.4 · EPSS 0.00431
Exploits 0 · References 5

NVD
added 2022/12/15 7:15 p.m. · 22 views

CVE-2022-32833

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history...

CVSS 5.3 · EPSS 0.00617
Exploits 0 · References 3

Prion
added 2022/12/15 7:15 p.m. · 12 views

Code injection

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history...

CVSS 5 · AI score 5.9 · EPSS 0.00617
Exploits 0 · References 3 · Affected Software 3

Vulnrichment
added 2022/12/15 12:0 a.m. · 5 views

CVE-2022-32833

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history...

AI score 4.6 · EPSS 0.00617
Exploits 0 · References 3

CVE
added 2022/12/15 12:0 a.m. · 89 views

CVE-2022-32833

CVE-2022-32833 describes an issue with the file paths used to store website data on Apple iOS. The root cause is an insecure handling of website data paths, which could allow an unauthenticated user to access browsing history. The vulnerability is mitigated by Apple’s fix in iOS 16. Connected sou...

CVSS 5.3 · AI score 6.2 · EPSS 0.00617
Exploits 0 · References 3 · Affected Software 3

Drupal
added 2022/12/14 12:0 a.m. · 19 views

File (Field) Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-065

The File Field Paths module extends the default functionality of Drupal's core File module, by adding the ability to use entity-based tokens in destination paths and file names. The module's default configuration could temporarily expose private files to anonymous visitors. Important note: to fix...

AI score 6.4
Exploits 0 · References 12

CNNVD
added 2022/12/07 12:0 a.m. · 3 views

ILIAS Security Vulnerability

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS eLearning platform versions prior to 7.16 that stems from allowing external control over file names or paths...

CVSS 6.5 · AI score 6.4 · EPSS 0.01178
Exploits 3 · References 5

OSV
added 2022/11/25 7:15 p.m. · 5 views

CVE-2022-41158

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...

CVSS 9.8 · AI score 6.2 · EPSS 0.01837
Exploits 0 · References 1

Cvelist
added 2022/11/25 12:0 a.m. · 21 views

CVE-2022-41158 eyoom builder Remote Code Execution Vulnerability

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...

CVSS 7.2 · AI score 9.8 · EPSS 0.01837
Exploits 0 · References 1

Positive Technologies
added 2022/11/25 12:0 a.m. · 3 views

PT-2022-25687 · Eyoom Co. +1 · Eyoom Builder

Name of the Vulnerable Software and Affected Versions: Builder program (affected versions not specified). Description: The issue allows for remote code execution by utilizing cookie values as paths to a file. This can be exploited by a remote attacker to execute or inject malicious code...

CVSS 9.8 · AI score 9.6 · EPSS 0.01837
Exploits 0 · References 3

Veracode
added 2022/10/27 4:34 a.m. · 14 views

Arbitrary Code Execution

jupyter_core is vulnerable to arbitrary code execution. The vulnerability exists in the config_file_paths function in application.py which executes untrusted files in the current working directory, allowing one user to run code as another...

CVSS 8.8 · AI score 8.8 · EPSS 0.01056
Exploits 0 · References 9 · Affected Software 2

Prion
added 2022/10/25 5:15 p.m. · 21 views

Information disclosure

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...

CVSS 1.7 · AI score 5.3 · EPSS 0.0025
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/09/12 12:0 a.m. · 3 views

PT-2022-21508 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16. Description: An issue existed with the file paths used to store website data, potentially allowing an unauthorized user to access browsing history. The issue was resolved by improving how website data is stored and by...

CVSS 5.3 · AI score 5.8 · EPSS 0.00617
Exploits 0 · References 11

Veracode
added 2022/08/02 2:54 p.m. · 21 views

Path Traversal

streamlit is vulnerable to path traversal. The vulnerability exists in the get function in ComponentRequestHandler due to improper handling of component requests outside the root directory, which allows an attacker to access and overwrite files by sending a malicious URL with file paths...

CVSS 6.5 · AI score 6.1 · EPSS 0.01323
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/08/01 9:25 p.m. · 30 views

CVE-2022-35918 Streamlit directory traversal vulnerability

Streamlit is a data-oriented application development framework for Python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...

CVSS 6.5 · AI score 6.5 · EPSS 0.01323
Exploits 0 · References 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 3 views

CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 5.8 · EPSS 0.00961
Exploits 0 · References 3