5048 matches found
Design/Logic Flaw
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...
CVE-2021-29658
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...
This operation has been cancelled due to restrictions in effect on this computer
When you try to browse to the My Documents folder on a published Windows Explorer application while using Special Folder Redirection, the following error message appears: “This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.” ...
A vulnerability in the Folder Redirection technology in Windows operating systems allows attackers to escalate their privileges.
The vulnerability in the Folder Redirection technology in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to escalate their privileges...
Path Traversal
github.com/ipfs/go-ipfs is vulnerable to path traversal. The use of whyrusleeping/tar-utils, which fails to validate tarPath when a get is done on a malicious DAG file, allows overwriting of files or writing to incorrect destination folders during retrieval...
The vulnerability arises from insufficient checking of update files in the client update folder of the VipNet Client information protection software. This allows a perpetrator to execute arbitrary code.
The vulnerability of the VipNet Client information protection software lies in insufficient checks on access rights to the update folder, as well as insufficient checks on the integrity and authenticity of update files. Exploiting this vulnerability could allow an attacker, operating locally, to...
Jenkins Role-based Authorization Strategy permissions, privileges and access control vulnerability
Jenkins Role-based Authorization Strategy is an open source Jenkins plugin. The plugin adds a role-based mechanism for managing user rights. An improper privilege vulnerability exists in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier versions. An...
Jenkins Matrix Authorization Strategy security vulnerability
Jenkins Matrix Authorization Strategy is an open source Jenkins plugin. The plugin implements fine-grained access control in Jenkins. An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...
CVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Product Removal EPR Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileg...
CVE-2021-26887
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...
Privilege escalation
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...
CVE-2021-26887 Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
...
CVE-2021-26887
The CVE-2021-26887 issue is an elevation of privilege in Microsoft Windows involving Folder Redirection enabled via Group Policy. The affected scenario occurs when the folder redirection file server is co-located with a Terminal Server; an attacker could begin redirecting another user’s personal data...
GHSA-PC22-3G76-GM6J Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Impact: On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This...
HugoMario swagger-codegen security vulnerability
HugoMario swagger-codegen is an application from HugoMario. It is used to automatically generate API client libraries (SDKs), server stubs and documentation from an OpenAPI Spec. A security vulnerability exists in swagger-codegen, which can be exploited by an attacker to append the conten...
NewStart CGSL MAIN 6.02 : cyrus-imapd Multiple Vulnerabilities (NS-SA-2021-0086)
The remote NewStart CGSL host, running version MAIN 6.02, has cyrus-imapd packages installed that are affected by multiple vulnerabilities: - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context o...
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...