CVE-2022-29062

Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests...

CVE-2022-29062

Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests...

CVE-2022-29062

Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests...

PT-2022-19397 · Fortinet · Fortisoar

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSOAR versions prior to 7.2.1 Description: The issue allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests, due to multiple relative path traversal vulnerabilities...

GO-2022-0190 Directory traversal via "go get" command in cmd/go

The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly brace both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode the distinction is documented at...

CVE-2022-24897 Arbitrary filesystem write access from Velocity

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...

Moderate: Red Hat Security Advisory: Red Hat Quay v3.4.0 security update

Red Hat Quay 3.4.0 is now available with bug fixes and various enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

DEBIAN-CVE-2020-8131

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package...

CVE-2020-8131

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package...

Design/Logic Flaw

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package...

CVE-2020-8131

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package...

CVE-2019-19460

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...

openSUSE Security Update : go1.11 (openSUSE-2019-1018)

This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...

openSUSE: Security Advisory for go1.11 (openSUSE-SU-2018:4181-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : go1.11 (openSUSE-2018-1572)

This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...

Security update for go1.11 (important)

This new package for go1.11 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...

Directory traversal

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

CVE-2018-16874

Removed by vendor...

CVE-2018-5340

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account specifically, an account with permission to write to the filesystem via SQL queries...