251 matches found
Certain HP and Samsung printer software - Potential elevation of privileges
Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. Update the printer software...
curl: SFTP path ~ resolving discrepancy
A path traversal vulnerability in the curl <8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
PT-2023-14052 · Intel · Intel Vtune Profiler
Name of the Vulnerable Software and Affected Versions: Intel® VTune™ Profiler versions prior to 2023.0 Description: The issue is related to an uncontrolled search path element in the Intel® VTune™ Profiler software. This may allow an authenticated user to potentially enable escalation of...
Intel VTune Profiler code issue vulnerability
Intel VTune Profiler is a performance testing tool for optimized software from Intel USA. The software performs performance testing of IoT embedded applications, media software, Java applications, and high-performance computing applications. A security vulnerability exists in Intel VTune Profiler...
CVE-2022-34755
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a...
CVE-2022-34755
CVE-2022-34755 affects Schneider Electric Easergy Builder Installer (versions ≤ 1.7.23). It is caused by an uncontrolled search path element, allowing a locally privileged attacker to place a crafted file and potentially execute arbitrary code during the installation process initiated by a valid ...
A path traversal vulnerability in the curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
DEBIAN-CVE-2023-27534
A path traversal vulnerability in the curl <8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
CVE-2022-26062
Uncontrolled search path element in the Intel® Trace Analyzer and Collector before version 2021.6 for Intel® oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-26032
Uncontrolled search path element in the Intel® Distribution for Python programming language before version 2022.1 for Intel® oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-26076
Uncontrolled search path element in the Intel® oneAPI Deep Neural Network oneDNN before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
PT-2023-12852 · Intel · Intel Distribution For Python
Name of the Vulnerable Software and Affected Versions: Intel® Distribution for Python versions prior to 2022.1 for Intel® oneAPI Toolkits Description: The issue is related to an uncontrolled search path element in the Intel® Distribution for Python programming language, which may allow an...
SUSE CVE-2013-0767
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...
Code injection
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable...
The vulnerability of Zoom video conferencing software relates to an uncontrolled search path element, allowing attackers to elevate their privileges to that of the SYSTEM user.
The vulnerability of Zoom video conferencing software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to elevate their privileges to that of the SYSTEM user...
Code injection
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1...
CVE-2023-0247
CVE-2023-0247 affects the Go library bits-and-blooms/bloom, with versions prior to 3.3.1 vulnerable to an Uncontrolled Search Path Element. The issue originates from how the application resolves search paths, enabling potential path hijacking. Affected product/version: bits-and-blooms/bloom befor...
AVEVA Edge
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Edge Vulnerabilities: Uncontrolled Search Path Element, Exposure of Sensitive Information to an Unauthorized Actor, Uncontrolled Resource Consumption, Improper Access Control, Windows...
NEC Expresscluster X code issue vulnerability
NEC Expresscluster X is a specialized high availability cluster software from Nippon Electric NEC. It is used to enable fast restore functions and continuously protect critical applications and data. A security vulnerability exists in NEC Expresscluster X 5.0 for Windows and prior versions,...
CVE-2022-2006 AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...