
3230 matches found

Cvelist
added 2022/04/08 7:50 p.m. · 14 views

CVE-2021-36288

Dell VNX2 for File version 8.1.21.266 and earlier contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files...

8.6 CVSS · 9.4 AI score · 0.00991 EPSS
Exploits: 0 · References: 1

GitLab Advisory Database
added 2022/04/08 12:0 a.m. · 5 views

Insecure temporary file usage in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

9.1 CVSS · 7.2 AI score · 0.01737 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/04/06 2:15 a.m. · 7 views

CVE-2021-30497

Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...

7.5 CVSS · 7.2 AI score · 0.9658 EPSS
Exploits: 1 · References: 3

CNVD
added 2022/04/06 12:0 a.m. · 15 views

Jenkins Continuous Integration with Toad Edge Plugin access control error vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An access control error vulnerability exis...

4.3 CVSS · 2.3 AI score · 0.00719 EPSS
Exploits: 0 · References: 1

Packet Storm
added 2022/04/04 12:0 a.m. · 366 views

Barco Control Room Management Suite Directory Traversal

I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...

8.2 AI score · 0.15028 EPSS
Exploits: 3

OSV
added 2022/04/02 9:15 p.m. · 3 views

AZL-9292 CVE-2022-28356 affecting package kernel for versions less than 5.15.37.1-2

In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c...

5.5 CVSS · 6.6 AI score · 0.00582 EPSS
Exploits: 1 · References: 1

CNVD
added 2022/04/02 12:0 a.m. · 13 views

IdeaRe SpA IdeaRE RefTree path traversal vulnerability

IdeaRe SpA IdeaRE RefTree is a web application for managing complex real estate situations from IdeaRe SpA, Italy. A path traversal vulnerability exists in versions of IdeaRe SpA IdeaRE RefTree prior to 2021.09.17. The vulnerability stems from the failure of a web system or product to properly filt...

6.5 CVSS · 3.2 AI score · 0.02823 EPSS
Exploits: 2 · References: 1

CNVD
added 2022/03/31 12:0 a.m. · 21 views

Jenkins Tests Selector Plugin cross-site scripting vulnerability

Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins Tests Selector Plugin 1.3.3 and earlier versions, which stems from an unescaped...

5.4 CVSS · 3.2 AI score · 0.00792 EPSS
Exploits: 0 · References: 1

OSV
added 2022/03/30 12:0 a.m. · 29 views

GHSA-8HH2-RXM8-7FJ8 Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3 CVSS · 4.7 AI score · 0.00719 EPSS
Exploits: 0 · References: 5

CNNVD
added 2022/03/30 12:0 a.m. · 3 views

SWHKD link following vulnerability

SWHKD is a display protocol independent hotkey daemon made in Rust. A denial of service vulnerability exists in SWHKD version 1.1.5, which stems from the insecure use of the /tmp/swhks.pid pathname and can be exploited by an attacker to potentially cause a denial of service...

7.1 CVSS · 5.7 AI score · 0.00493 EPSS
Exploits: 1 · References: 4

ATTACKERKB
added 2022/03/29 1:15 p.m. · 2 views

CVE-2022-28159

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

5.4 CVSS · 5.8 AI score · 0.00792 EPSS
Exploits: 0 · References: 3

ATTACKERKB
added 2022/03/29 1:15 p.m. · 0 views

CVE-2022-28147

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3 CVSS · 5.9 AI score · 0.00719 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/03/29 12:0 a.m. · 1 views

Jenkins Continuous Integration with Toad Edge Plugin access control error vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An access control error vulnerability exis...

4.3 CVSS · 5.7 AI score · 0.00719 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2022/03/29 12:0 a.m. · 4 views

PT-2022-18846 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier Description: A missing permission check allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins...

4.3 CVSS · 4.3 AI score · 0.00719 EPSS
Exploits: 0 · References: 8

Prion
added 2022/03/23 8:15 p.m. · 14 views

Design/Logic Flaw

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

6.8 CVSS · 8.4 AI score · 0.02745 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/03/23 7:46 p.m. · 96 views

CVE-2021-27471

The CVE-2021-27471 vulnerability affects Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier, arising from a parsing mechanism that does not sanitize file-path inputs, enabling path traversal when opening crafted files. This could allow an attacker to overwrite existing...

8.6 CVSS · 8 AI score · 0.02745 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

GithubExploit
added 2022/03/16 11:56 a.m. · 532 views

Exploit for CVE-2021-21983

CVE-2021-21975 VMware vRealize Operations (vROps) Manager API...

8.5 CVSS · 7.8 AI score · 0.78435 EPSS
Exploits: 12

Veracode
added 2022/03/16 3:52 a.m. · 26 views

Denial Of Service (DoS)

nicotine-plus is vulnerable to denial of service. The fileisshared function of shares.py does not properly handle invalid file paths in the file download requests, allowing an attacker to crash the application by providing null characters to the file path...

7.5 CVSS · 4 AI score · 0.01586 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Github Security Blog
added 2022/03/16 12:0 a.m. · 36 views

Nicotine+ DoS on Null Character in Download Request

Denial of service (DoS) vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

7.5 CVSS · 7.1 AI score · 0.01586 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

OSV
added 2022/03/15 7:15 p.m. · 22 views

CVE-2021-45848

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

7.5 CVSS · 7.4 AI score
Exploits: 0 · References: 3