Lucene search

6892 matches found

OSV
added 2020/10/22 7:15 p.m., 1 view

CVE-2020-9994

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files...

CVSS 7.1, AI score 7.2, EPSS 0.00941
Exploits: 0, References: 4

OSV
added 2020/10/22 7:15 p.m., 5 views

CVE-2020-9920

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files...

CVSS 9.1, AI score 7.2, EPSS 0.01837
Exploits: 0, References: 3

RedHat Linux
added 2020/10/20 4:3 p.m., 4 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 7.5, AI score 7.6, EPSS 0.03028
Exploits: 1, References: 4

RedHat Linux
added 2020/10/19 6:8 p.m., 0 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

CVSS 7.5, AI score 7.6, EPSS 0.03028
Exploits: 1, References: 4

OSV
added 2020/10/14 7:15 p.m., 4 views

CVE-2020-3427

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denia...

CVSS 7.8, AI score 7.2
Exploits: 0, References: 1

OSV
added 2020/10/14 7:15 p.m., 27 views

CVE-2020-15229

Singularity an open source container platform from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a...

CVSS 9.3, AI score 6.6
Exploits: 0, References: 7

UbuntuCve
added 2020/10/14 7:15 p.m., 36 views

CVE-2020-15229

Singularity an open source container platform from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a...

CVSS 9.3, AI score 7.1, EPSS 0.02022
Exploits: 0, References: 5

Cvelist
added 2020/10/14 6:55 p.m., 17 views

CVE-2020-15229 Path traversal and files overwrite with unsquashfs

Singularity an open source container platform from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a...

CVSS 8.2, AI score 8.9, EPSS 0.02022
Exploits: 0, References: 7

AlpineLinux
added 2020/10/14 6:55 p.m., 24 views

CVE-2020-15229

Singularity an open source container platform from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a...

CVSS 9.3, AI score 8.6, EPSS 0.02022
Exploits: 0

CNVD
added 2020/10/09 12:0 a.m., 7 views

Cisco Nexus Data Broker Software Path Traversal Vulnerability

Nexus Data Broker provides a simple, scalable and cost-effective monitoring solution for high volume and business-critical traffic. A path traversal vulnerability exists in the configuration recovery feature of Cisco Nexus Data Broker Software 3.90 and earlier. The vulnerability stems from...

CVSS 5.8, AI score 6.8, EPSS 0.01408
Exploits: 0, References: 1

CVE
added 2020/10/08 4:20 a.m., 74 views

CVE-2020-3597

Cisco Nexus Data Broker Software is affected by CVE-2020-3597. A path traversal vulnerability exists in the configuration restore feature due to insufficient validation of configuration backup files. An unauthenticated, remote attacker could trick an administrator into restoring a crafted backup ...

CVSS 5.8, AI score 5.5, EPSS 0.01408
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2020/09/28 12:0 a.m., 2 views

cPanel File Management Vulnerability

cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 90.0.10, which stems from a mail quota cache that allows overwriting ...

CVSS 7.5, AI score 7, EPSS 0.00872
Exploits: 0, References: 1

OSV
added 2020/09/25 6:15 a.m., 2 views

CVE-2020-26112

The email quota cache in cPanel before 90.0.10 allows overwriting of files...

CVSS 7.5, AI score 5.8, EPSS 0.00872
Exploits: 0, References: 1

Cvelist
added 2020/09/25 5:40 a.m., 15 views

CVE-2020-26112

The email quota cache in cPanel before 90.0.10 allows overwriting of files...

AI score 7.6, EPSS 0.00872
Exploits: 0, References: 1

Vulnrichment
added 2020/09/24 5:52 p.m., 9 views

CVE-2020-3476 Cisco IOS XE Software Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...

CVSS 4.4, AI score 6.8, EPSS 0.00269
Exploits: 0, References: 1

Cvelist
added 2020/09/24 5:52 p.m., 25 views

CVE-2020-3476 Cisco IOS XE Software Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...

CVSS 4.4, AI score 6, EPSS 0.00269
Exploits: 0, References: 1

OSV
added 2020/09/23 1:15 a.m., 1 view

CVE-2020-3130

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS 6.5, AI score 6.4, EPSS 0.0181
Exploits: 0, References: 1

Prion
added 2020/09/22 6:15 p.m., 14 views

Path traversal

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...

CVSS 9, AI score 7, EPSS 0.01864
Exploits: 1, References: 2, Affected Software: 1

BDU FSTEC
added 2020/09/22 12:0 a.m., 3 views

The vulnerability of the CAMS for HIS distributed control systems’ emergency message and event management components allows attackers to create or re-record arbitrary files and execute arbitrary commands through unspecified vectors.

The vulnerability of the CAMS for HIS distributed control systems’ emergency message and event management component is related to deficiencies in checking the path name to the restricted-access catalog. Exploiting this vulnerability could allow an attacker to create or re-record arbitrary files a...

CVSS 8.1, AI score 8.1, EPSS 0.02065
Exploits: 0, References: 5

NVD
added 2020/09/16 2:15 p.m., 22 views

CVE-2020-2278

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...

CVSS 6.5, EPSS 0.01414
Exploits: 0, References: 2