Lucene search
K

196 matches found

OSV
OSV
added 2022/12/27 10:15 p.m.31 views

CVE-2020-36561

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.1CVSS9.2AI score
Exploits0References4
Prion
Prion
added 2022/12/27 10:15 p.m.16 views

Input validation

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

6.4CVSS9.1AI score0.01249EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/12/27 10:15 p.m.16 views

Input validation

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

6.4CVSS9.1AI score0.01325EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/12/27 10:15 p.m.12 views

Input validation

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

6.4CVSS9.1AI score0.01188EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/12/27 9:13 p.m.18 views

CVE-2020-36566 Path traversal in github.com/whyrusleeping/tar-utils

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.2AI score0.01023EPSS
Exploits0References3
CVE
CVE
added 2022/12/27 9:13 p.m.82 views

CVE-2020-36566

CVE-2020-36566 : A path traversal in the Go tar-utils library (github.com/whyrusleeping/tar-utils) allows archives with relative paths to write or overwrite files outside the target directory due to improper path sanitization. The vulnerability impacts tar-utils used in the go-ipfs codebase, with...

9.1CVSS9.2AI score0.01023EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/12/27 9:13 p.m.165 views

CVE-2020-36561

CVE-2020-36561 is a path-traversal vulnerability in the unzip library used by github.com/yi-ge/unzip (go-unzip). The root cause is improper path sanitization that allows archives containing relative file paths to write or overwrite files outside the target directory. Documents indicate the issue ...

9.1CVSS9.2AI score0.01325EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/12/27 9:13 p.m.28 views

CVE-2020-36560 Path traversal in github.com/artdarek/go-unzip

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.2AI score0.01249EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/12/27 9:13 p.m.8 views

CVE-2020-36560 Path traversal in github.com/artdarek/go-unzip

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.2AI score0.01249EPSS
Exploits1References4
CVE
CVE
added 2022/12/27 9:13 p.m.93 views

CVE-2018-25046

CVE-2018-25046 is a path traversal flaw in the cloudfoundry/archiver package. The published descriptions across multiple sources (including Red Hat security, OSV, and CVE records) confirm that archives containing relative file paths can cause files to be written or overwritten outside the intende...

9.1CVSS9.2AI score0.01188EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/12/27 9:13 p.m.23 views

CVE-2018-25046 Path traversal in code.cloudfoundry.org/archiver

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.2AI score0.01188EPSS
Exploits0References3
CVE
CVE
added 2022/11/17 12:0 a.m.70 views

CVE-2021-33897

CVE-2021-33897 affects Synthesia. A buffer overflow in Synthesia before 10.7.5567 (when a non-Latin locale is used) can be triggered by a crafted MIDI file with malformed bytes, leading to a denial of service (application crash) during deletion. A separate issue in Synthesia before 10.9 involves ...

5.5CVSS5.5AI score0.0023EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.4 views

Fan_Platform 路径遍历漏洞

FanPlatform is a UI interface automation platform backend for Caoyongqi912 personal developers. 2021-04-20 and earlier versions of FanPlatform are vulnerable to a path traversal vulnerability, which stems from the failure of Flask's sendfile function to properly filter special elements in resourc...

9.3CVSS5.8AI score0.01242EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.26 views

Withdrawn Advisory: Pulp Improper Path Parsing

Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...

6.8CVSS6.9AI score0.01067EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.27 views

GHSA-574P-6FW4-4HW8 Withdrawn Advisory: Pulp Improper Path Parsing

Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...

6.5CVSS6.6AI score0.01067EPSS
Exploits0References6
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.8 views

[WP-H9] _swapUniswapV2 may use an improper path which can cause a loss of the majority of the rewardTokens

Lines of code Vulnerability details function harvestuint256 minOutCurve external onlyRoleSTRATEGISTROLE convexConfig.baseRewardPool.getRewardaddressthis, true; //Prevent Stack too deep errors DexConfig memory dex = dexConfig; IERC20 memory rewardTokens = strategyConfig.rewardTokens; IERC20 weth =...

6.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/03/28 12:0 a.m.7 views

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in the incorrect restriction on the path name to the restricted catalog, allowing a hacker to read arbitrary files.

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to an incorrect limitation on the path name used to access the restricted catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files by sending a...

7.8CVSS7.6AI score0.02377EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/22 12:0 a.m.6 views

Delta Electronics DIAEnergie路径遍历漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A path traversal...

9.8CVSS5.8AI score0.11124EPSS
Exploits0References5
OSV
OSV
added 2021/12/07 5:15 p.m.4 views

CVE-2021-37064

There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created...

9.1CVSS5.9AI score0.00828EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.8 views

CivetWeb 路径遍历漏洞

CivetWeb is an open source, easy-to-use, powerful, C/C++-embeddable web server with optional CGI, SSL, and Lua support. A security vulnerability exists in CivetWeb that stems from a failure of a network system or product to properly filter special elements in a resource or file path. An attacker...

9.8CVSS7.5AI score0.03138EPSS
Exploits1References11
Rows per page
Query Builder