CVE-2020-23172
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives...
The vulnerability of the OpenSSL library used in OpenVPN software allows a hacker to execute arbitrary code.
The vulnerability of the OpenSSL library used in OpenVPN software is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Path Traversal Vulnerability in Multiple Huawei Products
Huawei Mate 20 and others are products of China's Huawei. Huawei Mate 20 is a smartphone. Huawei Honor Magic 2 is a smartphone. Huawei Mate 20 Pro is a smartphone...
SUSE: Security Advisory (SUSE-SU-2020:3359-1)
The remote host is missing an update for the...
The vulnerability of the KOMPAS 3D automated design system lies in its uncontrolled mechanism for checking the path of dynamically attached libraries. This allows a perpetrator to execute arbitrary code.
The vulnerability of the KOMPAS-3D three-dimensional modeling system is related to an uncontrolled mechanism for checking the path of dynamically attached libraries. Exploiting this vulnerability could allow an attacker to execute arbitrary code by replacing the DLL library...
CVE-2021-1525
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability b...
Apple macOS Big Sur Input Validation Error Vulnerability
Apple macOS Big Sur is a mobile application app from Apple Inc. A security vulnerability exists in macOS Big Sur, which arises from incorrect file path validation within the App Store component, allowing malicious applications to bypass implemented security restrictions. Versions affected: macOS:...
CVE-2021-31913
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange...
CVE-2021-1532
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation o...
Parallels Desktop Toolgate Directory Traversal Arbitrary File Deletion Vulnerability
Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 16.1.1-49141. The vulnerability stems from failure to properly validate a user-supplied path before using it in a file operation. An...
CVE-2021-31421
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...
Apple tvOS Path Traversal Vulnerability
Apple tvOS is a smart TV operating system from Apple. A path traversal vulnerability exists in tvOS, which stems from insufficient directory path validation. The following products and versions are affected: tvOS: 14.0 18J386, 14.0.1 18J400, 14.0.2 18J411, 14.2 18K57, 14.3 18K561, 14.4 18K802, 14...
PT-2021-5288 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3; iOS versions prior to 14.5; iPadOS versions prior to 14.5; watchOS versions prior to 7.4; tvOS versions prior to 14.5. Description: A parsing issue in the handling of directory paths was addressed with improved path...
CVE-2021-27278
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
Directory Traversal
flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path, allowing an attacker to inject ../ characters into parameters to access resources outside of the web root...
SUSE: Security Advisory (SUSE-SU-2020:3159-1)
The remote host is missing an update for the...
GO-2021-0099 Zip slip directory exploit in github.com/deislabs/oras
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore content store may result in directory traversal during archive extraction, allowing a malicious archive to write paths to arbitrary paths that the process can write to...
CVE-2021-27250
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...
VulnCheck KEV: CVE-2018-2380
SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users...
CVE-2021-27275
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...