CVE-2021-1237

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

Cisco AnyConnect Secure Mobility Client for Windows 代码问题漏洞

Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. A security vulnerability exists in the Cisco AnyConnect Secure Mobility Client for Windows that stems from insufficien...

CVE-2020-28672

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/foldername/index.php causing RCE...

CVE-2020-25845

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

CVE-2020-25845

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

CVE-2020-25842

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege...

CVE-2020-25842

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege...

Design/Logic Flaw

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

Design/Logic Flaw

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

CVE-2020-25842

The CVE-2020-25842 entry concerns NHIServiSignAdapter, where the encryption function fails to verify the file path input by users, enabling a remote attacker to access arbitrary files without privileges. Root cause: improper input/path validation. Impact: potential arbitrary file disclosure. The ...

VulnCheck KEV: CVE-2010-3313

phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary...

CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

Insecure Configuration

perl allows for insecure configuration. A race condition in the rmtree and removetree functions in the File-Path module allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic...

USN-4651-1 mysql-8.0 vulnerabilities

Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the...

PT-2020-13490 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 8.12 through 13.3.8 GitLab EE versions 13.4 through 13.4.4 GitLab EE versions 13.5 through 13.5.1 Description: An issue has been discovered in GitLab EE where a regular expression related to a file path resulted in the...

Path Traversal

node-downloader-helper is vulnerable to path traversal. Lack of sanitization of user-provided file path allows malicious server to traverse the file path in victim machine and install an executable in the start up folder...

MGASA-2020-0407 Updated openldap packages fix a security vulnerability

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service slapd daemon crash via a specially crafted packet CVE-2020-25692. Also, the PID file path in the systemd service was fixed to...

Path traversal

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw...

webkitgtk: Incorrect processing of file URLs

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...