Lucene search
K

101 matches found

Ubuntu
Ubuntu
added 2020/11/04 12:7 p.m.66 views

USN-4616-2: AccountsService vulnerabilities

USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause...

6.5CVSS6.5AI score0.03086EPSS
Exploits3
OSV
OSV
added 2020/11/03 3:16 p.m.6 views

USN-4616-1 accountsservice vulnerabilities

Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. CVE-2020-16126 Kevin Backhouse discovered that AccountsService incorrectly handled reading...

6.5CVSS6.7AI score0.03086EPSS
Exploits4References4
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.6 views

The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to execute arbitrary code.

The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software-related client software is related to errors in the mechanism for checking the path to dynamically attached libraries. Exploiting this vulnerability can allow an attacker to execute...

7.8CVSS7.5AI score0.10049EPSS
Exploits5References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/09/24 12:0 a.m.5 views

The vulnerability of the graphical programming extension for Dynamo BIM lies in errors during the checking of the paths for loading dynamic libraries. This allows attackers to execute arbitrary code.

The vulnerability of Dynamo BIM’s graphical programming interface relates to errors in checking the path of dynamically loaded libraries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.5AI score0.00376EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/12/26 12:0 a.m.6 views

The vulnerability of the Cisco Webex Meetings Client and Cisco Webex Team software-related programs is related to deficiencies in access control, allowing attackers to execute arbitrary code.

The vulnerability of the Cisco Webex Meetings Client and Cisco Webex Team software-related programs is related to errors in the mechanism for checking paths to dynamically linked libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

5.3CVSS6.2AI score0.00377EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.3 views

The vulnerability of the RubyGems package management system’s installation mechanism allows a hacker to write any files into the device’s file system.

The vulnerability of the RubyGems package management system is related to errors in restricting the path name of the restricted directory. Exploiting this vulnerability could allow an attacker to write any files into the device’s file system...

5.5CVSS6.8AI score0.02876EPSS
Exploits0References13Affected Software5
BDU FSTEC
BDU FSTEC
added 2019/09/05 12:0 a.m.5 views

The vulnerability of the ServiceInstance.dll library in the Bitdefender Antivirus Free 2020 antivirus software allows a malicious actor to escalate their privileges.

The vulnerability of the ServiceInstance.dll library in the Bitdefender Antivirus Free 2020 antivirus tool is related to errors in checking the paths of dynamically loaded libraries. Exploiting this vulnerability can allow attackers to increase their privileges...

5.9CVSS5.5AI score0.01423EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/05/22 2:7 p.m.34 views

CVE-2019-12277

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, due to missing checks for .. in a pathname. This creates an unrestricted API exposure that could allow an unauthenticated remote attacker to perform unauthorized actions via the API. The issue is patched in the 2.4 branch, with 2.5....

9.8CVSS9.4AI score0.01879EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/04/22 4:29 p.m.3 views

DEBIAN-CVE-2019-3902

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...

5.9CVSS7.8AI score0.01413EPSS
Exploits0References1
OSV
OSV
added 2019/04/22 4:29 p.m.2 views

ALPINE-CVE-2019-3902

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...

5.9CVSS6.6AI score0.01413EPSS
Exploits0References1
OSV
OSV
added 2019/04/22 12:0 a.m.2 views

UBUNTU-CVE-2019-3902

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...

5.9CVSS6.4AI score0.01413EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/02/26 12:0 a.m.6 views

The vulnerability of the Zyxel VMG1312-B10D router’s microprogramming software arises from deficiencies in the checking of path names for access-limited directories. This vulnerability allows attackers to gain access to protected information.

The vulnerability of Zyxel VMG1312-B10D router microprogramming software is related to deficiencies in the checking of path names to restricted access directories. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information by using a specially...

5.3CVSS7.2AI score0.09759EPSS
Exploits1References2
CNVD
CNVD
added 2018/08/20 12:0 a.m.1 views

File Upload Vulnerability in Servcorp Highway Project Management Information System

Servcorp Highway Project Management Information System is an engineering project management platform developed for project participants. A file upload vulnerability exists in the Servcorp Expressway Project Management Information System. The vulnerability stems from the failure to strictly restri...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.13 views

The vulnerability of the extractDir function in the JICompress component of the QuaZIP library allows a hacker to execute arbitrary code.

The vulnerability of the extractDir function in the JICompress component JlCompress.cpp from the QuaZIP library is related to deficiencies in checking the path name of the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a...

10CVSS6AI score0.0595EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2018/06/25 7:44 a.m.15 views

Arbitrary File Write

orientdb-core is vulnerable to arbitrary file writes. The application does not properly check on the file path during extraction, allowing arbitrary files to be written in other directories...

6.8AI score
Exploits0
CNVD
CNVD
added 2015/11/19 12:0 a.m.4 views

Sudo sudoedit Unauthorized Access Vulnerability

Sudo is a program developed by software developer Todd C. Miller for use on Unix-like operating systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in sudoedit in versions of Sudo prior to 1.8.15. Due to the program failing to...

7.2CVSS7.9AI score0.01458EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2015/07/07 12:0 a.m.64 views

openSUSE Security Update : php5 (openSUSE-2015-471)

The PHP script interpreter was updated to receive various security fixes : - CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. -...

10CVSS7AI score0.16948EPSS
Exploits13References20
OPENSUSE Linux
OPENSUSE Linux
added 2015/07/06 10:5 a.m.62 views

Security update for php5 (important)

The PHP script interpreter was updated to receive various security fixes: CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. CVE-2015-4603...

10CVSS1.4AI score0.16948EPSS
Exploits13References8
RedHat Linux
RedHat Linux
added 2015/06/25 8:43 a.m.3 views

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

5.3CVSS7.2AI score0.04094EPSS
Exploits1References4
CNVD
CNVD
added 2015/06/23 12:0 a.m.4 views

PHP Null Pointer Reference Limit Bypass Vulnerability

PHP is a general-purpose scripting language. A security vulnerability exists in PHP due to a missing path in multiple extensions of the program or a null byte check in the path parameter of certain functions, which allows remote attackers to bypass target file system access restrictions and acces...

6.5CVSS6.8AI score0.03439EPSS
Exploits1References1
Rows per page
Query Builder