Lucene search
+L

69 matches found

Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Improper Handling of Case Sensitivity

Overview Flask-Cors is an A Flask extension adding a decorator for CORS support Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the trymatch function. An attacker can access restricted paths and potentially expose sensitive data by exploiting the case...

8.7CVSS6.9AI score0.00642EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/02/20 12:0 a.m.12 views

The vulnerability of the Xerox Workplace Suite print server, related to incorrect path name restrictions for restricted access directories, allows attackers to gain read, modify, or delete access to data.

The vulnerability of the Xerox Workplace Suite print management server is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability can allow a malicious actor to gain read, modify, or delete access to data...

6.5CVSS5.5AI score0.00409EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2025/01/09 12:0 a.m.5 views

Medium: haproxy

Issue Overview: Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain...

5.3CVSS6.7AI score0.01043EPSS
Exploits0
OSV
OSV
added 2024/12/13 1:18 p.m.3 views

OESA-2024-2548 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

5.3CVSS6.9AI score0.01043EPSS
Exploits0References2
OSV
OSV
added 2024/12/13 1:18 p.m.3 views

OESA-2024-2547 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

5.3CVSS6.9AI score0.01043EPSS
Exploits0References2
OSV
OSV
added 2024/12/13 1:18 p.m.3 views

OESA-2024-2545 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

5.3CVSS6.9AI score0.01043EPSS
Exploits0References2
Redos
Redos
added 2024/12/03 12:0 a.m.14 views

ROS-20241203-03

The HTTP request interpretation vulnerability in HAProxy is related to the ability to access a path that is restricted by an ACL access control list installed on the product. Exploitation of the vulnerability could Allow an attacker acting remotely to obtain sensitive information...

5.3CVSS6.7AI score0.01043EPSS
Exploits0
OSV
OSV
added 2024/11/28 3:15 a.m.4 views

DEBIAN-CVE-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS5.5AI score0.01043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-9565 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation. The issue is related...

7.8CVSS9.2AI score0.0029EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2024/07/05 12:0 a.m.5 views

The vulnerability of Sonatype Nexus Repository Manager lies in the improper restriction of the path name to the restricted directory. This allows attackers to disclose protected information.

The vulnerability of Sonatype Nexus Repository Manager is related to incorrect restrictions on the path to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

7.8CVSS7.7AI score0.18245EPSS
Exploits16References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/19 12:0 a.m.6 views

The vulnerability in the Avalanche mobile device management web component allows a hacker to trigger a service failure.

The vulnerability of the Avalanche mobile device management web component is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5CVSS7.1AI score0.01758EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/11 12:0 a.m.12 views

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser allows a hacker to gain access to and modify files.

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser is related to an incorrect path limitation for accessing restricted directories. Exploiting this vulnerability could allow a malicious actor to remotely access and modify files by downloading a special...

7.8CVSS6.5AI score0.00296EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2023/07/05 3:16 p.m.45 views

Node.js: fs.statfs bypasses Permission Model

A vulnerability was found in Node.js version 20 that allowed malicious actors to bypass the permission model and retrieve file stats using the fs.statfs API, even if they did not have explicit read access to the file...

5.3CVSS6.7AI score0.01191EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2023/04/12 12:0 a.m.6 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server’s server lies in the incorrect restriction on the path to the restricted-access catalog, which allows attackers to gain unauthorized access to protected information.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

5.5CVSS6.5AI score0.00392EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/09/28 4:15 a.m.27 views

CVE-2022-39034

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

6.5CVSS0.01206EPSS
Exploits0References1
Prion
Prion
added 2022/09/28 4:15 a.m.15 views

Path traversal

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

4CVSS6.5AI score0.01206EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.8 views

PT-2022-24688 · Unknown · Smart Evision

Name of the Vulnerable Software and Affected Versions: Smart eVision affected versions not specified Description: The issue is related to a path traversal vulnerability in the Report API function. This vulnerability is caused by insufficient filtering for special characters in URLs, allowing a...

6.5CVSS6.5AI score0.01206EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/30 12:0 a.m.5 views

Dell Container Storage Modules 路径遍历漏洞

Dell Container Storage Modules is a set of modules from Dell, Inc. Dell Container Storage Modules version 1.2 contains a path traversal vulnerability that could be exploited by a remote authenticated attacker with low privileges to cause unintentional access to paths outside of restricted...

8.8CVSS6.6AI score0.01144EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/07/05 2:41 p.m.3 views

django: Potential directory-traversal via Storage.save()

A directory-traversal flaw was found in Django's Storage.save method, where a network attacker could possibly traverse restricted paths using suitably crafted file names...

5.3CVSS7.1AI score0.02388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/02/22 12:0 a.m.5 views

PT-2022-16164 · Wiki.Js · Wiki.Js

Name of the Vulnerable Software and Affected Versions: Wiki.js affected versions not specified Description: The issue affects Wiki.js, a wiki app built on Node.js, where an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths. This is...

8.1CVSS6.3AI score0.00723EPSS
Exploits0References7
Rows per page
Query Builder