Lucene search
K

14 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in the File System of Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.5AI score0.01659EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from a logic bypass in the file system. This vulnerability may...

2.4CVSS5.2AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 4:33 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the fs.symlink function. An attacker can escape the allowed path and read/write sensitive files by chaining directories and symlinks, bypassing --allow-fs-read and --allow-fs-write restrictions...

9.1CVSS6.7AI score0.01633EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/11/13 4:12 p.m.16 views

CVE-2024-52291 Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

Craft is a content management system CMS. A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file...

8.4CVSS8.6AI score0.01138EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.8 views

PT-2024-35157 · Craft Cms · Craft Cms

Name of the Vulnerable Software and Affected Versions: CraftCMS versions prior to 4.12.5 CraftCMS versions prior to 5.4.6 Description: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme. This enables the attacker to specify...

9CVSS8.1AI score0.01138EPSS
Exploits1References13
Amazon
Amazon
added 2024/03/04 12:0 a.m.41 views

Important: ruby

Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...

8.1CVSS7.9AI score0.0576EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.5 views

SUSE CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS8.2AI score0.00662EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/01/10 8:15 p.m.4 views

CVE-2023-0140

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.9AI score0.00587EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/11/30 12:15 a.m.29 views

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00662EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/07/27 10:15 p.m.37 views

CVE-2022-1857

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page...

8.8CVSS7.2AI score0.0071EPSS
Exploits0References1
OSV
OSV
added 2021/01/08 7:15 p.m.2 views

DEBIAN-CVE-2020-16019

Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file...

8.8CVSS8.4AI score0.00858EPSS
Exploits0References1
Prion
Prion
added 2018/06/11 9:29 p.m.16 views

Design/Logic Flaw

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

7.5CVSS8.6AI score0.0282EPSS
Exploits1References6Affected Software8
RedHat Linux
RedHat Linux
added 2015/07/09 5:1 p.m.3 views

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

5.3CVSS7.2AI score0.04094EPSS
Exploits1References4
NVD
NVD
added 2015/05/13 11:0 a.m.22 views

CVE-2015-3083

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on...

6.4CVSS6.5AI score0.41064EPSS
Exploits1References9
Rows per page
Query Builder