16 matches found

BDU FSTEC
added 2025/06/16 12:0 a.m. | 7 views

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server arises from an improper limitation on the path name to the restricted access catalog, allowing a perpetrator to gain access to any file in the file system.

The vulnerability of the “Termide Virtual Desktops Connection Manager” software complex is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to any file in the file system by...

9 CVSS | 5.5 AI score
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2025/01/20 12:0 a.m. | 4 views

The vulnerability of the server for the Continuous Integration and Delivery (CI/CD) system GoCD arises due to an incorrect path name limitation for the restricted access directory. This allows a malicious actor to execute arbitrary code.

The vulnerability of the CI/CD GoCD server exists due to an incorrect pathname limitation for the access-controlled directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5 CVSS | 5.9 AI score | 0.00537 EPSS
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2023/10/15 12:0 a.m. | 6 views

The software’s vulnerability in integrating the SpaceLogic system management system with the C-Bus SpaceLogic C-Bus Toolkit allows unauthorized access to files by attackers, due to deficiencies in path name limitation.

The vulnerability of the SpaceLogic system integration software with the C-Bus SpaceLogic C-Bus Toolkit is related to deficiencies in path name limitation. Exploiting this vulnerability can allow an intruder to gain unauthorized access to files...

10 CVSS | 7.7 AI score | 0.38524 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2022/10/12 12:0 a.m. | 5 views

The vulnerability of the backup and recovery functions of Microsoft File Systems for the IBM Spectrum Protect Plus data protection software allows a perpetrator to disclose protected information.

The vulnerability of the backup and recovery functions of Microsoft’s file systems in the IBM Spectrum Protect Plus data protection platform is related to an incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to...

5.9 CVSS | 6.5 AI score | 0.01589 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2022/04/28 12:0 a.m. | 8 views

The vulnerability of the networkd-dispatcher component, which manages connection states in Linux operating systems, and is part of the Systemd subsystem responsible for service initialization and management, allows a malicious actor to escalate their privileges or execute arbitrary code.

The vulnerability of the networkd-dispatcher component, which manages connection states and initializes services within Systemd on Linux operating systems, exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow an attacker to...

8.4 CVSS | 5.8 AI score | 0.11667 EPSS
Exploits 3 | References 5 | Affected Software 1
OSV
added 2022/03/17 9:15 p.m. | 5 views

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...

8.8 CVSS | 7.8 AI score | 0.05942 EPSS
Exploits 0 | References 3
BDU FSTEC
added 2021/05/19 12:0 a.m. | 5 views

The vulnerability of the fs/nfsd/nfs3xdr.c component in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the fs/nfsd/nfs3xdr.c component in the Linux operating system is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by calling READDIRPLUS...

8.5 CVSS | 7.2 AI score | 0.02417 EPSS
Exploits 0 | References 30 | Affected Software 5
OSV
added 2021/03/26 10:15 p.m. | 33 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2 CVSS | 6.6 AI score
Exploits 0 | References 2
UbuntuCve
added 2021/03/26 10:15 p.m. | 37 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2 CVSS | 6.6 AI score | 0.01525 EPSS
Exploits 0 | References 3
Cvelist
added 2021/03/26 9:34 p.m. | 28 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.4 AI score | 0.01525 EPSS
Exploits 0 | References 2
CVE
added 2021/03/26 9:34 p.m. | 472 views

CVE-2021-20206

CVE-2021-20206 involves containernetworking/cni before 0.8.1 where the network configuration field type can include path traversal ("../"), allowing an authenticated attacker to reference and execute binaries outside the plugin directory (e.g., reboot). Impact affects confidentiality, integrity, ...

7.2 CVSS | 6.8 AI score | 0.01525 EPSS
Exploits 0 | References 2 | Affected Software 1
AlpineLinux
added 2021/03/26 9:34 p.m. | 708 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2 CVSS | 7.1 AI score | 0.01525 EPSS
Exploits 0
BDU FSTEC
added 2020/11/17 12:0 a.m. | 4 views

The vulnerability of the Cisco Webex Meetings Desktop App’s software lies in the incorrect path name limitation, which allows a malicious actor to execute arbitrary code.

The vulnerability of the Cisco Webex Meetings Desktop App web conferencing software is related to an incorrect limitation on the path to the directory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.3 CVSS | 7.5 AI score | 0.00393 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2020/05/29 12:0 a.m. | 5 views

The vulnerability of the central control server of SiNVR 3 Central Control Server (CCS) arises from an incorrect path name limitation in the web interface download section, which allows a hacker to gain access to the server’s file system, enabling them to download files from the server and copy files from the server.

The vulnerability of the central control server of SiNVR 3 Central Control Server CCS is related to an incorrect path name limitation in the web interface download section, leading to access to restricted directories. Exploiting this vulnerability could allow a malicious actor to gain access to t...

6.8 CVSS | 6.6 AI score | 0.01813 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2020/01/22 12:0 a.m. | 4 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management exists due to a faulty limitation on the path name to the restricted access catalog. This allows attackers to exploit the protected resources.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability can allow a malicious actor to disclose...

7.8 CVSS | 5.5 AI score
Exploits 0 | References 3
BDU FSTEC
added 2017/12/21 12:0 a.m. | 4 views

The vulnerability of the DashboardFileReceiveServlet in the network management system by Brocade Network Advisor allows an attacker to upload a malicious file into the file system, where it can be executed.

The vulnerability of the DashboardFileReceiveServlet in the IP and SAN network management system exists due to an incorrect path name limitation in the access control mechanism. Exploiting this vulnerability allows a malicious actor to download a malicious file into the file system, where it can ...

10 CVSS | 7.7 AI score | 0.13033 EPSS
Exploits 0 | References 2 | Affected Software 1