
2131 matches found

OSV
added 2021/03/29 9:15 p.m., 2 views

CVE-2021-27272

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

7.1 CVSS, 5.9 AI score
Exploits: 0, References: 2

OSV
added 2021/03/29 9:15 p.m., 1 view

CVE-2021-27274

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results fr...

9.8 CVSS, 6.2 AI score, 0.08167 EPSS
Exploits: 0, References: 2

Cvelist
added 2021/03/29 8:55 p.m., 19 views

CVE-2021-27274

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results fr...

9.8 CVSS, 9.8 AI score, 0.08167 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/03/26 12:0 a.m., 4 views

NETGEAR ProSAFE Network Management System Code Issue Vulnerability

Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. A code issue vulnerability exists in the NETGEAR ProSAFE Network Management System, which arises from a failure to properly validate a...

10 CVSS, 8.5 AI score, 0.08167 EPSS
Exploits: 0, References: 4

OSV
added 2021/03/25 3:15 p.m., 3 views

CVE-2021-1492

The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...

7.1 CVSS, 5.7 AI score, 0.00269 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/03/25 12:0 a.m., 3 views

DUO Duo Authentication Proxy Security Vulnerability

DUO Authentication Proxy is an application from DUO USA Inc. It is used for authentication proxies. A security vulnerability in the DUO Authentication Proxy installer prior to version 5.2.1, which stems from failure to properly validate a file installation path, can be exploited by an attacker to...

7.1 CVSS, 5.8 AI score, 0.00269 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2021/03/02 12:0 a.m., 6 views

The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.

The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...

7.8 CVSS, 7.1 AI score, 0.00604 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2021/03/02 12:0 a.m., 5 views

The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) allows a perpetrator to execute arbitrary code.

The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...

7.8 CVSS, 7.7 AI score, 0.00599 EPSS
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2021/02/16 12:0 a.m., 19 views

openSUSE Security Update : librepo (openSUSE-2021-277)

This update for librepo fixes the following issues : - Upgrade to 1.12.1 + Validate path read from repomd.xml bsc1175475, CVE-2020-14352 - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl rh1775184 + Decode package URL when using for local filename rh1817130 + Fix memory leak in...

8.5 CVSS, 6.2 AI score, 0.02526 EPSS
Exploits: 0, References: 2

OSV
added 2021/02/15 11:4 a.m., 6 views

OPENSUSE-SU-2021:0295-1 Security update for librepo

This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml bsc1175475, CVE-2020-14352 - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl rh1775184 + Decode package URL when using for local filename rh1817130 + Fix memory leak in...

8.5 CVSS, 7.6 AI score, 0.02526 EPSS
Exploits: 0, References: 3

OPENSUSE Linux
added 2021/02/15 12:0 a.m., 20 views

Security update for librepo (important)

openSUSE Security Update: Security update for librepo Announcement ID: openSUSE-SU-2021:0295-1 Rating: important References: 1175475 Cross-References: CVE-2020-14352 CVSS scores: CVE-2020-14352 NVD : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-14352 SUSE: 8...

8 CVSS, 7.1 AI score, 0.02526 EPSS
Exploits: 0, References: 1

OPENSUSE Linux
added 2021/02/12 12:0 a.m., 22 views

Security update for librepo (important)

openSUSE Security Update: Security update for librepo Announcement ID: openSUSE-SU-2021:0277-1 Rating: important References: 1175475 Cross-References: CVE-2020-14352 CVSS scores: CVE-2020-14352 NVD : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-14352 SUSE: 8...

8 CVSS, 7.1 AI score, 0.02526 EPSS
Exploits: 0, References: 1

OSV
added 2021/02/10 11:15 p.m., 3 views

CVE-2020-27870

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper...

6.5 CVSS, 6.8 AI score, 0.04327 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2021/02/01 12:0 a.m., 35 views

CentOS 8 : librepo (CESA-2020:3658)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3658 advisory. - librepo: missing path validation in repomd.xml may lead to directory traversal CVE-2020-14352 Note that Nessus has not tested for this issue but has instead...

8.5 CVSS, 6.4 AI score, 0.02526 EPSS
Exploits: 0, References: 2

CNVD
added 2021/01/22 12:0 a.m., 10 views

NEC ESMPRO Manager Information Disclosure Vulnerability

NEC ESMPRO Manager is a product from Nippon Electric NEC for managing NEC servers. The product supports management monitoring of server CPU load, memory usage, disk usage, server's hard disk protection status and LAN traffic status. A security vulnerability exists in NEC ESMPRO Manager version 6....

7.5 CVSS, 6.4 AI score, 0.02899 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2021/01/19 12:0 a.m., 8 views

The vulnerability in the CDCreateKernlConnection function of the condrv.sys driver in the Windows operating system allows a hacker to cause a service failure.

The vulnerability of the CDCreateKernlConnection function in the condrv.sys driver of the Windows operating system is related to deficiencies in the path name validation process. Exploiting this vulnerability allows a malicious actor to trigger service failures by using a specially crafted path...

7.8 CVSS, 5.5 AI score
Exploits: 0, References: 3

Cvelist
added 2021/01/15 8:10 p.m., 11 views

CVE-2021-21251 ZipSlip Arbitrary File Upload

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...

7.7 CVSS, 8.8 AI score, 0.12163 EPSS
Exploits: 0, References: 1

Veracode
added 2021/01/04 11:30 p.m., 29 views

Insecure Logic Validation

csync2 does not securely validate a logic path within the application. The return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function is not properly validated as required by design of the API and would lead to unintended logic execution...

5.3 CVSS, 2 AI score, 0.0131 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2020/12/31 8:15 a.m., 2 views

CVE-2020-25842

The encryption function of NHIServiSignAdapter fails to verify the file path input by users. A remote attacker can access arbitrary files through the flaw without privilege...

7.5 CVSS, 5.9 AI score, 0.00502 EPSS
Exploits: 0, References: 1

CNNVD
added 2020/12/31 12:0 a.m., 4 views

NHIServiSignAdapter Access Control Error Vulnerability

Panorama NHIServiSignAdapter is a security control component for panoramic surveillance devices from China Panorama. A security vulnerability exists in NHIServiSignAdapter, which stems from an encryption feature that fails to validate user-entered file paths. A remote attacker can exploit this...

7.5 CVSS, 5.9 AI score, 0.00502 EPSS
Exploits: 0, References: 2