406 matches found
The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager (DCNM) system exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...
The vulnerabilities of the xAPI firmware components of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and the Cisco RoomOS operating system allow attackers to gain unauthorized access to protected information and write arbitrary files to the device’s file system.
The vulnerability of the xAPI firmware components of Cisco TelePresence Collaboration Endpoint, Cisco TelePresence Codec, and the Cisco RoomOS operating system exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability can...
The vulnerability of the “/absolute/pathname/here” component of the McAfee Advanced Threat Defense security tool allows a perpetrator to gain access to files in the local file system.
The vulnerability of the “/absolute/pathname/here” component of the McAfee Advanced Threat Defense security tool exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to...
The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.
The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module...
The vulnerability of the command-line tools for package managers NPM and Yarn allows an attacker to overwrite any files in the target directory.
The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to rewrite any files in the target directory remotely...
The vulnerability of the Dir.mktmpdir method in the tmpdir library of the Ruby interpreter allows a malicious actor to write arbitrary files to the file system.
The vulnerability of the Dir.mktmpdir method in the tmpdir library of the Ruby interpreter exists due to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to write arbitrary files to the file...
The vulnerability in the newsrc.c component of the NeoMutt email client allows a hacker to compromise the integrity of the protected information.
The vulnerability in the newsrc.c component of the NeoMutt email client exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...
The vulnerability of the `install_location` function in the RubyGems package management system allows a hacker to gain access to arbitrary files.
The vulnerability of the `install_location` function in the RubyGems package management system exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to arbitrary files...
The vulnerability of the Intl component in the Symfony software development and web application management platform allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Intl component in the Symfony software development and web application management platform exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by...
The vulnerability of the RubyGems package management system lies in the incorrect limitation of the path to the restricted directory, which allows an attacker to compromise data integrity.
The vulnerability of the RubyGems package management system is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise data integrity...
CVE-2019-11737
If a wildcard '*' is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69...
CVE-2019-11737
CVE-2019-11737 affects Firefox prior to version 69. If a wildcard '*' is used for the host in Content Security Policy directives, any port or path restriction of the directive is ignored, causing CSP directives not to be properly enforced on content. The issue is a CSP host wildcard handling flaw...
The vulnerability of the SSL VPN web portal of the FortiOS operating system allows a hacker to gain access to system files.
The vulnerability of the SSL VPN web portal of the FortiOS operating system exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain access to system files by sending a specially crafted HTTP request...
The vulnerability of the McAfee Enterprise Security Manager system arises from an incorrect restriction on the path to the restricted directory. This allows attackers to elevate their privileges.
The vulnerability of the McAfee Enterprise Security Manager critical threat detection system exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to elevate their privileges remotely...
PT-2019-2819 · McAfee · McAfee Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: McAfee Enterprise Security Manager versions prior to 11.2.0; McAfee Enterprise Security Manager versions prior to 10.4.0. Description: The issue allows an authenticated user to execute arbitrary code via specially crafted parameters. This is du...
The vulnerability in the web interface for managing Cisco Video Surveillance Manager allows a perpetrator to disclose protected information.
The vulnerability in the web interface for managing Cisco Video Surveillance Manager exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information by sending specially crafted requests...
The vulnerability in the IBM SDK development tools arises from an incorrect limitation on the path name to the restricted directory. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the IBM SDK development tools exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of protected information during the extraction o...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
The vulnerability of the Cisco Wireless LAN Controller’s web interface allows a perpetrator to disclose protected information.
The vulnerability of the Cisco Wireless LAN Controller web interface is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
PT-2018-3182 · NeoMutt +4 · NeoMutt +4
Name of the Vulnerable Software and Affected Versions: NeoMutt versions prior to 2018-07-16. Description: An issue exists due to the improper restriction of '/' characters in the newsrc.c component, potentially leading to unsafe interactions with cache pathnames. This could allow a remote attacker...