HSC MailInspector 安全漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains security vulnerabilities. These vulnerabilities stem from improper control of file paths provided to users. When the...

Apache PDFBox 安全漏洞

Apache PDFBox is an open-source tool library based on the Java language, developed by the Apache Foundation. This product provides functions for creating and editing PDF documents. Versions of Apache PDFBox from 2.0.24 to 2.0.36, as well as 3.0.0 to 3.0.7, have security vulnerabilities due to...

Blossom 路径遍历漏洞

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom prior to 1.17.1 contained a path traversal vulnerability. This vulnerability stemmed from improper path handling in the file upload component, which could lead to path traversal attacks...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system designed for iPad tablets. Apple macOS Sonoma is also an operating system. Several of Apple’s products have security...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from improper path handling, potentially allowing applications to gain root access. The following versions are affected: macOS...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from improper path...

EUVD-2021-9205

Malicious code in bioql PyPI...

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that stems from improper path handling...

Privilege Escalation

net.snowflake:snowflake-jdbc is vulnerable to Privilege Escalation. The vulnerability is due to improper path handling due to an attacker with write access to a directory in %PATH% being able to escalate privileges when the EXTERNALBROWSER authentication method is used on Windows...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper ppath handling in the ext4extreplayupdateex function in the ext4 filesystem, which could lead to a...

CVE-2024-22248

VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...

CVE-2024-22248

CVE-2024-22248 : VMware SD-WAN Orchestrator has an open redirect vulnerability caused by improper path handling, enabling a victim redirect to an attacker-controlled domain and leading to potential information disclosure. The CVSSv3.1 base score is 7.1 (HIGH) with NETWORK attack vector, LOW integ...

CVE-2024-22248

VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVE-2023-2971 Typora Local File Disclosure

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVE-2023-2971 Typora Local File Disclosure

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVE-2023-2316 Typora Local File Disclosure

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...

Typora 路径遍历漏洞

Typora is an editor. A path traversal vulnerability exists in Typora version 1.6.7, which stems from an improper path handling vulnerability that affects both Windows and Linux platforms...

PT-2023-22366 · Typora · Typora

Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.7.0-dev Description: The issue is related to improper path handling, which allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This can be exploited...

CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...