225 matches found
PT-2021-8851 · Cloud Foundry +3 · Archiver +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...
PT-2021-12076 · Github.Com/Yi Ge/Unzip +3 · Github.Com/Yi-Ge/Unzip +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...
PT-2021-12075 · Github.Com/Artdarek/Go Unzip +3 · Github.Com/Artdarek/Go-Unzip +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...
PT-2021-11230 · Go-Ipfs · Go-Ipfs
Name of the Vulnerable Software and Affected Versions: go-ipfs versions prior to 0.8.0-rc1 Description: The issue is related to path traversal in go-ipfs, which can occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten or written to incorrect output...
PT-2021-17488 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.0 Description: The issue concerns the mishandling of certain uses of backslash in URLs, such as http:/, which are interpreted as relative paths instead of proper URLs. Recommendations: For versions prior to...
url-parse security vulnerability
Arnout Kazemier url-parse is an application by the individual developer Arnout Kazemiere Arnout Kazemier, USA. It provides url parsing. A security vulnerability exists in url-parse before version 1.5.0 that stems from incorrectly handling certain uses of backslashes, such as http: /, and...
Directory traversal
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...
Arbitrary File Write
django is vulnerable to arbitrary file write. The vulnerability exists through the django.utils.archive.extract function, used by startapp --template and startproject --template, to extract files with absolute paths or relative paths, out of the application root directory...
CVE-2021-3281
A flaw was found in django where thedjango.utils.archive.extract function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments...
CVE-2021-3281
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...
VulnCheck KEV: CVE-2001-0507
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability...
CVE-2020-29482
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...
CVE-2020-29482
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...
CVE-2020-29482
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...
Xenstore: wrong path length check
ISSUE DESCRIPTION A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored...
Xen Code Issues Vulnerabilities
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen versi...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
openSUSE Security Update : buildah (openSUSE-2020-2106)
This update for buildah fixes the following issues : buildah was updated to v1.17.0 bsc1165184 : - Handle cases where other tools mount/unmount containers - overlay.MountReadOnly: support RO overlay mounts - overlay: use fusermount for rootless umounts - overlay: fix umount - Switch default log...
Security update for rmt-server (important)
openSUSE Security Update: Security update for rmt-server Announcement ID: openSUSE-SU-2020:1993-1 Rating: important References: 1165548 1168554 1172177 1172182 1172184 1172186 1173351 Cross-References: CVE-2019-16770 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2020-11076 CVE-2020-11077...