779 matches found
GO-2020-0026 Arbitrary file write via archive extraction in github.com/openshift/source-to-image
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
GO-2020-0042 Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/sassoftware/go-rpmutils
Due to improper path sanitization, RPMs containing relative file paths can cause files to be written or overwritten outside of the target directory...
GO-2020-0041 Path Traversal in github.com/unknwon/cae
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
VulnCheck KEV: CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8. The code in view.php doesn't verify users or sanitize the file path...
USN-4770-1 glusterfs vulnerabilities
It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3619 It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker...
CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
CVE-2020-8567
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
Code injection
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
CVE-2020-8567 Kubernetes Secrets Store CSI Driver plugin directory traversals
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
Information Disclosure
Apache Tomcat is vulnerable to information disclosure. Security constraints can be bypassed to obtain and view JSP source code in certain configurations, when serving resources from a network location using the NTFS file system. The vulnerability is caused by the insufficient validation for the :...
UBUNTU-CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
Go_Parser - Yet Another Golang Binary Parser For IDAPro
Yet Another Golang Binary Parser For IDAPro NOTE : This master branch is written in Python2 for IDAPython, and tested only on IDA7.2/IDA7.0. If you use IDAPython with Python3 and higher version of IDAPro, please use Python3 Branch for goparser. Inspired by golangloaderassist and...
USN-4571-1: rack-cors vulnerability
It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...
USN-4571-1 ruby-rack-cors vulnerability
It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...
Ubuntu 16.04 LTS : rack-cors vulnerability (USN-4571-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4571-1 advisory. It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files. Tenable has...
PT-2020-14296 · Vapor · Vapor
Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.29.4 Description: Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware. This issue affects applications that use FileMiddleware. Recommendations: For version...
GHSA-7X92-2J68-H32C Directory Traversal in featurebook
Affected versions of featurebook resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. The...
GHSA-H372-W3XP-2JG3 Directory Traversal in section2.madisonjbrooks12
Affected versions of section2.madisonjbrooks12 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...
GHSA-QH38-WRGF-CJ2C Directory Traversal in iter-server
Affected versions of iter-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Exampl...