Lucene search
K

225 matches found

Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.5 views

PT-2021-8851 · Cloud Foundry +3 · Archiver +3

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...

9.1CVSS8.9AI score0.01188EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.13 views

PT-2021-12076 · Github.Com/Yi Ge/Unzip +3 · Github.Com/Yi-Ge/Unzip +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...

9.1CVSS9.1AI score0.01325EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.14 views

PT-2021-12075 · Github.Com/Artdarek/Go Unzip +3 · Github.Com/Artdarek/Go-Unzip +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...

9.1CVSS6.8AI score0.01249EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2021/03/24 12:0 a.m.7 views

PT-2021-11230 · Go-Ipfs · Go-Ipfs

Name of the Vulnerable Software and Affected Versions: go-ipfs versions prior to 0.8.0-rc1 Description: The issue is related to path traversal in go-ipfs, which can occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten or written to incorrect output...

8.1CVSS6.6AI score0.01699EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2021/02/21 12:0 a.m.4 views

PT-2021-17488 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.0 Description: The issue concerns the mishandling of certain uses of backslash in URLs, such as http:/, which are interpreted as relative paths instead of proper URLs. Recommendations: For versions prior to...

10CVSS6.3AI score0.03805EPSS
Exploits7References44
CNNVD
CNNVD
added 2021/02/21 12:0 a.m.6 views

url-parse security vulnerability

Arnout Kazemier url-parse is an application by the individual developer Arnout Kazemiere Arnout Kazemier, USA. It provides url parsing. A security vulnerability exists in url-parse before version 1.5.0 that stems from incorrectly handling certain uses of backslashes, such as http: /, and...

5.3CVSS6.8AI score0.01964EPSS
Exploits1References7
Prion
Prion
added 2021/02/15 8:15 p.m.25 views

Directory traversal

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

6.5CVSS7.4AI score0.16611EPSS
Exploits4References4Affected Software1
Veracode
Veracode
added 2021/02/02 1:38 a.m.33 views

Arbitrary File Write

django is vulnerable to arbitrary file write. The vulnerability exists through the django.utils.archive.extract function, used by startapp --template and startproject --template, to extract files with absolute paths or relative paths, out of the application root directory...

5.3CVSS2.6AI score0.07605EPSS
Exploits1References11Affected Software11
RedhatCVE
RedhatCVE
added 2021/02/01 6:27 p.m.32 views

CVE-2021-3281

A flaw was found in django where thedjango.utils.archive.extract function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS4.1AI score0.07605EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2021/02/01 10:0 a.m.38 views

CVE-2021-3281

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS6.8AI score0.07605EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2021/01/05 12:0 a.m.6 views

VulnCheck KEV: CVE-2001-0507

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability...

7.2CVSS5.8AI score0.08846EPSS
Exploits0References1
OSV
OSV
added 2020/12/15 6:15 p.m.26 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS8.5AI score0.00385EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/12/15 5:14 p.m.30 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

7AI score0.00385EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/12/15 5:14 p.m.40 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS7AI score0.00385EPSS
Exploits0
Xen Project
Xen Project
added 2020/12/15 12:0 p.m.48 views

Xenstore: wrong path length check

ISSUE DESCRIPTION A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored...

6CVSS0.3AI score0.00385EPSS
Exploits0
CNNVD
CNNVD
added 2020/12/15 12:0 a.m.7 views

Xen Code Issues Vulnerabilities

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen versi...

6CVSS6.3AI score0.00385EPSS
Exploits0References7
NVD
NVD
added 2020/12/11 8:15 p.m.46 views

CVE-2020-27730

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...

9.8CVSS9.5AI score0.01693EPSS
Exploits0References2
OSV
OSV
added 2020/12/11 8:15 p.m.4 views

CVE-2020-27730

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...

9.8CVSS7.3AI score0.01693EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/07 12:0 a.m.98 views

openSUSE Security Update : buildah (openSUSE-2020-2106)

This update for buildah fixes the following issues : buildah was updated to v1.17.0 bsc1165184 : - Handle cases where other tools mount/unmount containers - overlay.MountReadOnly: support RO overlay mounts - overlay: use fusermount for rootless umounts - overlay: fix umount - Switch default log...

9.3CVSS6.4AI score0.02603EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2020/11/21 12:0 a.m.52 views

Security update for rmt-server (important)

openSUSE Security Update: Security update for rmt-server Announcement ID: openSUSE-SU-2020:1993-1 Rating: important References: 1165548 1168554 1172177 1172182 1172184 1172186 1173351 Cross-References: CVE-2019-16770 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2020-11076 CVE-2020-11077...

9.8CVSS7.7AI score0.98507EPSS
Exploits40References7
Rows per page
Query Builder