Lucene search
K

218 matches found

BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.8 views

The vulnerability of microprogrammed network device software from Zyxel models USG FLEX 100(W), USG FLEX 200, USG FLEX 500, USG FLEX 700, USG FLEX 50(W), USG20(W)-VPN, ATP, VPN, USG/ZyWALL arises due to incorrect path name restrictions in the access-controlled catalog. This allows attackers to disclose sensitive information.

The vulnerability of microprogrammed network devices such as Zyxel USG FLEX 100W, USG FLEX 200, USG FLEX 500, USG FLEX 700, USG FLEX 50W, USG20W-VPN, ATP, VPN, USG/ZyWALL exists due to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow a...

6.8CVSS6.8AI score0.00983EPSS
Exploits0References3Affected Software8
BDU FSTEC
BDU FSTEC
added 2022/07/29 12:0 a.m.8 views

The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory. This allows a malicious individual to read or write arbitrary files within the system.

The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to remotely read or write arbitrary files in the system by sending a specially crafted HTTP reques...

8CVSS7.2AI score0.01414EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/26 12:0 a.m.6 views

The vulnerability of the Cisco IOX software platform arises from an incorrect limitation on the path name to the restricted access catalog, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.5AI score0.02531EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/06/22 12:0 a.m.6 views

The vulnerability of the Intel® Management Engine driver, related to incorrect path name restrictions for restricted access directories, allows a hacker to execute arbitrary code.

The vulnerability of the Intel® Management Engine is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

8.4CVSS5.9AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/14 12:0 a.m.8 views

The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.5AI score0.01987EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/05/30 12:0 a.m.10 views

The vulnerability lies in the implementation of the --no-clobber and --remove-on-error options in the cURL command-line utility, which allow a malicious user to delete any files they desire.

The vulnerability of the --no-clobber and --remove-on-error command-line utilities of cURL is related to the use of incorrect path names. Exploiting this vulnerability could allow a remote attacker to delete any files they desire...

3.1CVSS6.5AI score0.03453EPSS
Exploits1References11Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/05/18 12:0 a.m.4 views

The vulnerability in Node.js’s Node-tar module for processing tar archives stems from a flaw in the pathname limitation of the directory handling mechanism. This allows attackers to create, overwrite arbitrary files, and execute arbitrary code.

The vulnerability of the Node.js module for processing tar archives with the Node-tar package is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to create, overwrite arbitrary files, and execute arbitrary code using a specially...

8.6CVSS7.2AI score0.0185EPSS
Exploits0References10Affected Software9
BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.8 views

The vulnerability of the print spooler daemon in Windows operating systems allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Windows Print Spooler in operating systems related to Windows printing is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability can allow a malicious individual to gain unauthorized access to protected...

5.5CVSS6.6AI score0.0123EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/04/28 12:0 a.m.17 views

The vulnerability of the networkd-dispatcher component, which manages connection states in Linux operating systems, and is part of the Systemd subsystem responsible for service initialization and management, allows a malicious actor to escalate their privileges or execute arbitrary code.

The vulnerability of the networkd-dispatcher component, which manages connection states and initializes services within Systemd on Linux operating systems, exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow an attacker to...

8.4CVSS5.8AI score0.11667EPSS
Exploits3References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.8 views

The vulnerability of the C-Bus Toolkit software exists due to an incorrect limitation on the path name to the restricted access directory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the C-Bus Toolkit software exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.2AI score0.30534EPSS
Exploits1References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.8 views

The vulnerability of the C-Bus Toolkit software exists due to an incorrect limitation on the path name to the restricted access directory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the C-Bus Toolkit software exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during the file loading process...

9CVSS8AI score0.40582EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.11 views

The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.5AI score0.02325EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.10 views

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises due to an incorrect restriction on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.

The vulnerability of the Interactive Graphical SCADA System IGSS exists due to an incorrect restriction on the name of the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created...

10CVSS8.2AI score0.03463EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/17 9:15 p.m.5 views

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...

8.8CVSS7.8AI score0.05942EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/03/11 12:0 a.m.8 views

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises due to an incorrect restriction on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.

The vulnerability of the Interactive Graphical SCADA System IGSS exists due to an incorrect restriction on the name of the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created...

10CVSS8.2AI score0.03505EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.4 views

The vulnerability of the IBM Planning Analytics and IBM Planning Analytics Workspace software lies in the incorrect limitation of the path name to the restricted access catalog, allowing a perpetrator to execute arbitrary code.

The vulnerability of IBM Planning Analytics’ software is related to incorrect restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS5.9AI score
Exploits0References1Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.44 views

containernetworking/cni improper limitation of path name

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS7.1AI score0.01525EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/01 12:0 a.m.4 views

The vulnerability of operating systems such as iOS, iPadOS, tvOS, watchOS, and macOS arises from incorrect restrictions on path names in restricted access directories, allowing attackers to compromise the integrity of protected information.

The vulnerability of iOS, iPadOS, tvOS, watchOS, and macOS lies in improper restrictions on path names in restricted access directories. Exploiting this vulnerability can allow attackers to compromise the integrity of protected information...

5.5CVSS5.9AI score0.00367EPSS
Exploits0References8Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.8 views

The vulnerability of the sound output utility, which uses the computer’s built-in speaker to emit beeps, stems from deficiencies in path name restriction. This allows a violator to trigger a service failure.

The vulnerability of the sound output utility, which uses the computer’s built-in speaker for beeping, is related to deficiencies in path name restriction. Exploiting this vulnerability could allow a hacker to cause a service failure...

4.7CVSS5.8AI score0.0035EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/12/03 12:0 a.m.6 views

The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager SME, Cisco Unified Communications Manager Im & Presence Service, and Cisco Unity Connection allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Web interface for controlling Cisco Unified Communications Manager, Cisco Unified Communications Manager SME, Cisco Unified Communications Manager Im & Presence Service, and Cisco Unity Connection is related to incorrect path name restrictions in the access control catalo...

4.3CVSS5.5AI score0.01513EPSS
Exploits0References3Affected Software4
Rows per page
Query Builder