Lucene search
K

164 matches found

UbuntuCve
UbuntuCve
added 2022/09/13 8:15 p.m.34 views

CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

3.3CVSS6.1AI score0.00703EPSS
Exploits0References4
OSV
OSV
added 2022/09/13 12:0 a.m.24 views

CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

3.3CVSS6.4AI score0.00703EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.5 views

Mattermost Server does not restrict SAML certificate path for System Administrators

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname...

4.9CVSS5.5AI score0.00459EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/26 4:15 a.m.2 views

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

9.8CVSS7.8AI score0.66317EPSS
Exploits6References7
NVD
NVD
added 2022/03/30 4:15 p.m.18 views

CVE-2022-20002

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-19865765...

7.8CVSS0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/11/29 12:0 a.m.9 views

PT-2021-23930 · Unknown · @Backstage/Plugin-Scaffolder-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 0.15.14 Description: A malicious actor with write access to a registered scaffolder template can manipulate the template to write files to arbitrary paths on the scaffolder-backend host...

8.5CVSS7AI score0.01206EPSS
Exploits0References8
CNVD
CNVD
added 2021/09/02 12:0 a.m.14 views

MIK.starlight input validation error vulnerability (CNVD-2021-69611)

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. MIK.starlight is vulnerable to an input validation error, which could allow an attacker to access arbitrary path files...

6.5CVSS3.5AI score0.01008EPSS
Exploits1References1
Rosalinux
Rosalinux
added 2021/07/02 6:12 p.m.31 views

Advisory ROSA-SA-2021-1980

Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...

7.8CVSS6.5AI score0.01066EPSS
Exploits2
OSV
OSV
added 2021/03/10 10:15 a.m.13 views

CVE-2021-20668

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL...

2.7CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2021/03/10 10:15 a.m.11 views

CVE-2021-20669

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL...

4.7CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2021/03/10 10:15 a.m.19 views

Path traversal

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL...

6.5CVSS4.8AI score0.00756EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/10 10:15 a.m.12 views

Path traversal

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL...

4CVSS4AI score0.00821EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/10 9:20 a.m.16 views

CVE-2021-20668

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL...

4.1AI score0.00821EPSS
Exploits0References2
Veracode
Veracode
added 2021/02/08 6:36 a.m.22 views

Arbitrary Path Injection

github.com/containernetworking/cni is vulnerable to arbitrary path injection. A user is be able to change the type: field in a CNI configuration to an arbitrary path and could execute arbitrary binaries on a host...

7.2CVSS2.8AI score0.01525EPSS
Exploits0References2Affected Software4
Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.38 views

CentOS 8 : git (CESA-2019:4356)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4356 advisory. - git: Arbitrary path overwriting via export-marks in-stream command feature CVE-2019-1348 - git: Recursive submodule cloning allows using git director...

9.3CVSS7.6AI score0.34007EPSS
Exploits0References5
OSV
OSV
added 2021/01/12 9:15 a.m.0 views

DEBIAN-CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

2.5CVSS6.5AI score0.01029EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.31 views

EulerOS Virtualization 3.0.2.2 : libvirt (EulerOS-SA-2020-2209)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - qemu/qemudriver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows...

8.8CVSS7.3AI score0.00813EPSS
Exploits0References5
CNVD
CNVD
added 2020/05/15 12:0 a.m.1 views

Advantech WebAccessNode suffers from arbitrary path file deletion vulnerability

Advantech WebAccessNode is a fully Internet Explorer-based HMI/SCADA monitoring software. Advantech WebAccessNode has an arbitrary path file deletion vulnerability that can be exploited by an attacker to delete arbitrary path files on the system...

7AI score
Exploits0
NVD
NVD
added 2020/03/18 1:15 a.m.18 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

10CVSS9.6AI score0.11576EPSS
Exploits0References3
OSV
OSV
added 2020/01/28 10:56 a.m.5 views

SUSE-SU-2020:0247-1 Security update for nodejs6

This update for nodejs6 to version 6.17.1 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...

8.1CVSS7.8AI score0.03342EPSS
Exploits0References5
Rows per page
Query Builder