Lucene search
K

390 matches found

ATTACKERKB
ATTACKERKB
added 2022/03/28 2:15 a.m.6 views

CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS6.9AI score0.02811EPSS
Exploits0References8
PyPA
PyPA
added 2022/03/28 2:15 a.m.5 views

PYSEC-2022-168

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS6.9AI score0.02811EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/28 2:15 a.m.3 views

PYSEC-2022-168

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS7.2AI score0.02811EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/03/28 2:15 a.m.73 views

CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS6.9AI score0.02811EPSS
Exploits0References4
OSV
OSV
added 2022/03/28 2:15 a.m.1 views

UBUNTU-CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS6.9AI score0.02811EPSS
Exploits0References5
CVE
CVE
added 2022/03/28 12:0 a.m.215 views

CVE-2022-24303

Pillow (Python Imaging Library fork) is affected by CVE-2022-24303. The vulnerability arises in Pillow’s handling of spaces in temporary pathnames, enabling an attacker to delete files through path traversal-like behavior. This impacts Pillow versions before 9.0.1. The documented consequence is f...

9.1CVSS8.9AI score0.02811EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2022/03/28 12:0 a.m.29 views

CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.3AI score0.02811EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/03/28 12:0 a.m.28 views

CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS9.2AI score0.02811EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/03/28 12:0 a.m.41 views

CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS9.2AI score0.02811EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/03/15 10:26 a.m.5 views

glibc: Stack-based buffer overflow in svcunix_create via long pathnames

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunixcreate in the sunrpc's svcunix.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in ...

9.8CVSS7.2AI score0.04729EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/03/11 11:10 p.m.31 views

Path traversal in Pillow

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...

9.1CVSS8.7AI score0.02811EPSS
Exploits0References13Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/09 12:0 a.m.1 views

PT-2022-6483 · Pillow +5 · Pillow +5

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 9.0.1 Description: The issue is related to the mishandling of spaces in temporary pathnames, which can be exploited by attackers to delete files. This can lead to data integrity issues and potentially cause a denial o...

9.8CVSS6.7AI score0.03399EPSS
Exploits2References88
Debian CVE
Debian CVE
added 2021/12/23 6:0 a.m.31 views

CVE-2021-45463

loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...

7.8CVSS7.7AI score0.01439EPSS
Exploits0
CNNVD
CNNVD
added 2021/12/23 12:0 a.m.2 views

GIMP 操作系统命令注入漏洞

GIMP is an open source bitmap image editor from the GIMP team. GIMP suffers from an operating system command injection vulnerability that stems from allowing shell extensions when pathnames in constructed command lines are not escaped or filtered. This is caused by performing an ImageMagick...

7.8CVSS7.3AI score0.01439EPSS
Exploits0References16
BDU FSTEC
BDU FSTEC
added 2021/12/13 12:0 a.m.9 views

The vulnerability of the h5-vcav-bootstrap-service software, a management software for virtual infrastructure of VMware vCenter Server, allows an attacker to read local files on the server where the vulnerable software is installed. It also enables the attacker to forge requests on the server side and perform XSS attacks.

The vulnerability of the h5-vcav-bootstrap-service plugin in the virtualization infrastructure management software is related to errors in processing relative pathnames to directories. Exploiting this vulnerability allows a malicious actor to read local files on the server where the vulnerable...

9CVSS5.5AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.4 views

Grav 路径遍历漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms, and one-page product presentations. A path traversal vulnerability exists in grav, which stems from an improper restriction of pathnames to restricted directories in the affected product...

8.8CVSS7.6AI score0.04224EPSS
Exploits1References3
OSV
OSV
added 2021/08/31 4:15 a.m.5 views

CVE-2021-36356

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...

9.8CVSS6.1AI score0.54393EPSS
Exploits10References2
CNVD
CNVD
added 2021/08/16 12:0 a.m.38 views

Nagios XI file inclusion vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...

5CVSS2.7AI score0.02782EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2021/07/29 12:0 a.m.20 views

AVEVA System Platform Path Traversal Vulnerability

AVEVA System Platform is an application from AVEVA UK. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. AVEVA System Platform suffers from a path traversal vulnerability that stems from the software not properly neutralizing speci...

7.2CVSS6.9AI score0.01162EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.734 views

Microsoft Windows UAC Privilege Escalation

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

0.4AI score
Exploits0
Rows per page
Query Builder