101 matches found
USN-4616-2: AccountsService vulnerabilities
USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause...
USN-4616-1 accountsservice vulnerabilities
Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. CVE-2020-16126 Kevin Backhouse discovered that AccountsService incorrectly handled reading...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to execute arbitrary code.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software-related client software is related to errors in the mechanism for checking the path to dynamically attached libraries. Exploiting this vulnerability can allow an attacker to execute...
The vulnerability of the graphical programming extension for Dynamo BIM lies in errors during the checking of the paths for loading dynamic libraries. This allows attackers to execute arbitrary code.
The vulnerability of Dynamo BIM’s graphical programming interface relates to errors in checking the path of dynamically loaded libraries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Cisco Webex Meetings Client and Cisco Webex Team software-related programs is related to deficiencies in access control, allowing attackers to execute arbitrary code.
The vulnerability of the Cisco Webex Meetings Client and Cisco Webex Team software-related programs is related to errors in the mechanism for checking paths to dynamically linked libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the RubyGems package management system’s installation mechanism allows a hacker to write any files into the device’s file system.
The vulnerability of the RubyGems package management system is related to errors in restricting the path name of the restricted directory. Exploiting this vulnerability could allow an attacker to write any files into the device’s file system...
The vulnerability of the ServiceInstance.dll library in the Bitdefender Antivirus Free 2020 antivirus software allows a malicious actor to escalate their privileges.
The vulnerability of the ServiceInstance.dll library in the Bitdefender Antivirus Free 2020 antivirus tool is related to errors in checking the paths of dynamically loaded libraries. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, due to missing checks for .. in a pathname. This creates an unrestricted API exposure that could allow an unauthenticated remote attacker to perform unauthorized actions via the API. The issue is patched in the 2.4 branch, with 2.5....
DEBIAN-CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
ALPINE-CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
UBUNTU-CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
The vulnerability of the Zyxel VMG1312-B10D router’s microprogramming software arises from deficiencies in the checking of path names for access-limited directories. This vulnerability allows attackers to gain access to protected information.
The vulnerability of Zyxel VMG1312-B10D router microprogramming software is related to deficiencies in the checking of path names to restricted access directories. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information by using a specially...
File Upload Vulnerability in Servcorp Highway Project Management Information System
Servcorp Highway Project Management Information System is an engineering project management platform developed for project participants. A file upload vulnerability exists in the Servcorp Expressway Project Management Information System. The vulnerability stems from the failure to strictly restri...
The vulnerability of the extractDir function in the JICompress component of the QuaZIP library allows a hacker to execute arbitrary code.
The vulnerability of the extractDir function in the JICompress component JlCompress.cpp from the QuaZIP library is related to deficiencies in checking the path name of the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a...
Arbitrary File Write
orientdb-core is vulnerable to arbitrary file writes. The application does not properly check on the file path during extraction, allowing arbitrary files to be written in other directories...
Sudo sudoedit Unauthorized Access Vulnerability
Sudo is a program developed by software developer Todd C. Miller for use on Unix-like operating systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in sudoedit in versions of Sudo prior to 1.8.15. Due to the program failing to...
openSUSE Security Update : php5 (openSUSE-2015-471)
The PHP script interpreter was updated to receive various security fixes : - CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. -...
Security update for php5 (important)
The PHP script interpreter was updated to receive various security fixes: CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. CVE-2015-4603...
php: missing null byte checks for paths in various PHP extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
PHP Null Pointer Reference Limit Bypass Vulnerability
PHP is a general-purpose scripting language. A security vulnerability exists in PHP due to a missing path in multiple extensions of the program or a null byte check in the path parameter of certain functions, which allows remote attackers to bypass target file system access restrictions and acces...