Lucene search

70 matches found

NVD · added 2024/05/14 4:16 p.m. · 19 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to denial of service...

CVSS 6.1 · AI score 6.2 · EPSS 0.00218
Exploits 0 · References 1
OSV · added 2024/04/24 8:56 p.m. · 15 views

GHSA-9F8C-PFVV-P4GM Buffer Overflow in gitea

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service crash via vectors related to a file path...

CVSS 7 · AI score 7.3 · EPSS 0.01787
Exploits 0 · References 3
OSV · added 2024/04/10 1:51 p.m. · 5 views

CVE-2024-31492

An external control of file name or path vulnerability (CWE-73) in the FortiClientMac installer, versions 7.2.3 and below and 7.0.10 and below, may allow a local attacker to execute arbitrary code or commands by writing a malicious configuration file in /tmp before the installation process starts...

CVSS 7.8 · AI score 6.3 · EPSS 0.00324
Exploits 0 · References 1
Vulnrichment · added 2024/04/10 1:24 p.m. · 11 views

CVE-2024-31492

An external control of file name or path vulnerability (CWE-73) in the FortiClientMac installer, versions 7.2.3 and below and 7.0.10 and below, may allow a local attacker to execute arbitrary code or commands by writing a malicious configuration file in /tmp before the installation process starts...

CVSS 8.2 · AI score 7.8 · EPSS 0.00324
Exploits 0 · References 1
NVD · added 2024/02/15 10:15 p.m. · 10 views

CVE-2024-25123

MSS Mission Support System is an open source package designed for planning atmospheric research flights. In the file index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...

CVSS 7.5 · AI score 7.1 · EPSS 0.00493
Exploits 0 · References 2
NVD · added 2023/08/04 6:15 p.m. · 17 views

CVE-2023-38695

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.4 · EPSS 0.00795
Exploits 1 · References 4
Prion · added 2023/08/04 6:15 p.m. · 13 views

Design/Logic Flaw

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 4 · AI score 6.4 · EPSS 0.00795
Exploits 1 · References 4 · Affected Software 1
OSV · added 2023/08/04 5:25 p.m. · 25 views

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.3 · EPSS 0.00795
Exploits 1 · References 6
OSV · added 2023/08/01 4:59 p.m. · 25 views

GHSA-VXJG-HCHX-CC4G @simonsmith/cypress-image-snapshot has fix for insecure snapshot file names

Impact: It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example (js): cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs') The above will create an ignore-relative-dirs.png three levels ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00795
Exploits 1 · References 6
Vulnrichment · added 2023/05/16 4:00 p.m. · 8 views

CVE-2023-32985

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

AI score 6.9 · EPSS 0.72358
Exploits 0 · References 1
Positive Technologies · added 2023/05/16 12:00 a.m. · 6 views

PT-2023-24118 · Jenkins · Jenkins Sidebar Link Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sidebar Link Plugin versions 2.2.1 and earlier Description: The issue allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. This is due to th...

CVSS 4.3 · AI score 4.3 · EPSS 0.72358
Exploits 0 · References 5
Vulnrichment · added 2023/01/17 4:19 p.m. · 7 views

CVE-2022-2893

RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files...

CVSS 8.2 · AI score 7.1 · EPSS 0.00701
Exploits 0 · References 1
Prion · added 2022/07/27 3:15 p.m. · 23 views

Design/Logic Flaw

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4 · AI score 4.4 · EPSS 0.00961
Exploits 0 · References 2 · Affected Software 1
NVD · added 2022/06/02 2:15 p.m. · 11 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an externally controlled file path and name vulnerability via the txtFilePath parameter in attachments.awp...

CVSS 7.5 · EPSS 0.01107
Exploits 0 · References 3
ATTACKERKB · added 2022/04/26 9:15 p.m. · 2 views

CVE-2022-28058

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\filecontroller.php...

CVSS 8.1 · AI score 6 · EPSS 0.01171
Exploits 1 · References 3
Prion · added 2021/12/15 8:15 p.m. · 21 views

Design/Logic Flaw

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access an...

CVSS 3.5 · AI score 7.3 · EPSS 0.03794
Exploits 1 · References 2 · Affected Software 1
OSV · added 2021/11/15 5:36 p.m. · 20 views

GHSA-43G8-79X3-J898 Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

CVSS 7.5 · AI score 7.4 · EPSS 0.00997
Exploits 0 · References 3
ATTACKERKB · added 2021/07/14 4:38 p.m. · 2 views

CVE-2021-23407

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path...

CVSS 7.5 · AI score 5.4 · EPSS 0.01997
Exploits 1 · References 4
BDU FSTEC · added 2021/06/09 12:00 a.m. · 13 views

A vulnerability in the module for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle in LOCMAN:PLM, is caused by unrestricted upload of dangerous file types. It allows attackers to execute arbitrary code.

The vulnerability in the module responsible for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle in LOCMAN:PLM, is related to the unrestricted upload of...

CVSS 6.8 · AI score 6
Exploits 0 · Affected Software 1
Prion · added 2021/02/05 4:15 p.m. · 12 views

Stack overflow

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service crash via vectors related to a file path...

CVSS 5 · AI score 7.4 · EPSS 0.01787
Exploits 0 · References 1 · Affected Software 1