Lucene search
K

779 matches found

OSV
OSV
added 2021/04/14 8:4 p.m.34 views

GO-2020-0026 Arbitrary file write via archive extraction in github.com/openshift/source-to-image

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

6.5CVSS6.3AI score0.01338EPSS
Exploits0References2
OSV
OSV
added 2021/04/14 8:4 p.m.27 views

GO-2020-0042 Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/sassoftware/go-rpmutils

Due to improper path sanitization, RPMs containing relative file paths can cause files to be written or overwritten outside of the target directory...

7.5CVSS7.5AI score0.01602EPSS
Exploits1References2
OSV
OSV
added 2021/04/14 8:4 p.m.33 views

GO-2020-0041 Path Traversal in github.com/unknwon/cae

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

7.5CVSS7.4AI score0.01332EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-9205

Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...

7.5CVSS7.1AI score0.56924EPSS
Exploits6References1
OSV
OSV
added 2021/03/15 8:13 p.m.4 views

USN-4770-1 glusterfs vulnerabilities

It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3619 It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker...

8.8CVSS7AI score0.05374EPSS
Exploits1References23
Cvelist
Cvelist
added 2021/02/26 1:48 a.m.21 views

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

5.9AI score0.01101EPSS
Exploits0References3
NVD
NVD
added 2021/01/21 5:15 p.m.20 views

CVE-2020-8567

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

6.5CVSS5.5AI score0.0137EPSS
Exploits0References2
Prion
Prion
added 2021/01/21 5:15 p.m.15 views

Code injection

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

4CVSS6.5AI score0.0137EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2021/01/21 5:9 p.m.32 views

CVE-2020-8567 Kubernetes Secrets Store CSI Driver plugin directory traversals

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

4.9CVSS6.5AI score0.0137EPSS
Exploits0References2
Veracode
Veracode
added 2021/01/15 6:4 a.m.26 views

Information Disclosure

apache tomcat is vulnerable to information disclosure. Security constraints can be bypassed to obtain and view JSP source code in certain configurations, when serving resources from a network location using the NTFS file system. The vulnerability is caused by the insufficient validation for the :...

5.9CVSS1.3AI score0.22852EPSS
Exploits0References18Affected Software5
OSV
OSV
added 2020/12/09 1:15 a.m.6 views

UBUNTU-CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

4.3CVSS6.8AI score0.00633EPSS
Exploits0References3
Kitploit
Kitploit
added 2020/11/15 8:30 p.m.83 views

Go_Parser - Yet Another Golang Binary Parser For IDAPro

Yet Another Golang Binary Parser For IDAPro  NOTE : This master branch is written in Python2 for IDAPython, and tested only on IDA7.2/IDA7.0. If you use IDAPython with Python3 and higher version of IDAPro, please use Python3 Branch for goparser. Inspired by golangloaderassist and...

7.2AI score
Exploits0References4
Ubuntu
Ubuntu
added 2020/10/05 6:20 p.m.64 views

USN-4571-1: rack-cors vulnerability

It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...

5.3CVSS5.8AI score0.02462EPSS
Exploits0
OSV
OSV
added 2020/10/05 6:20 p.m.7 views

USN-4571-1 ruby-rack-cors vulnerability

It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...

5.3CVSS6.1AI score0.02462EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/05 12:0 a.m.33 views

Ubuntu 16.04 LTS : rack-cors vulnerability (USN-4571-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4571-1 advisory. It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files. Tenable has...

5.3CVSS5.9AI score0.02462EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/10/02 12:0 a.m.5 views

PT-2020-14296 · Vapor · Vapor

Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.29.4 Description: Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware. This issue affects applications that use FileMiddleware. Recommendations: For version...

8.5CVSS6.5AI score0.0153EPSS
Exploits0References7
OSV
OSV
added 2020/09/01 7:3 p.m.14 views

GHSA-7X92-2J68-H32C Directory Traversal in featurebook

Affected versions of featurebook resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. The...

7.1AI score
Exploits0References2
OSV
OSV
added 2020/09/01 6:54 p.m.11 views

GHSA-H372-W3XP-2JG3 Directory Traversal in section2.madisonjbrooks12

Affected versions of section2.madisonjbrooks12 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

7.5CVSS7.4AI score0.02005EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2020/09/01 6:54 p.m.24 views

Directory Traversal in section2.madisonjbrooks12

Affected versions of section2.madisonjbrooks12 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

7.5CVSS7.1AI score0.02005EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/09/01 6:48 p.m.15 views

GHSA-QH38-WRGF-CJ2C Directory Traversal in iter-server

Affected versions of iter-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Exampl...

7.5CVSS7.4AI score0.02005EPSS
Exploits1References3
Rows per page
Query Builder