196 matches found
CVE-2020-36561
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Input validation
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Input validation
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Input validation
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2020-36566 Path traversal in github.com/whyrusleeping/tar-utils
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2020-36566
CVE-2020-36566 : A path traversal in the Go tar-utils library (github.com/whyrusleeping/tar-utils) allows archives with relative paths to write or overwrite files outside the target directory due to improper path sanitization. The vulnerability impacts tar-utils used in the go-ipfs codebase, with...
CVE-2020-36561
CVE-2020-36561 is a path-traversal vulnerability in the unzip library used by github.com/yi-ge/unzip (go-unzip). The root cause is improper path sanitization that allows archives containing relative file paths to write or overwrite files outside the target directory. Documents indicate the issue ...
CVE-2020-36560 Path traversal in github.com/artdarek/go-unzip
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2020-36560 Path traversal in github.com/artdarek/go-unzip
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2018-25046
CVE-2018-25046 is a path traversal flaw in the cloudfoundry/archiver package. The published descriptions across multiple sources (including Red Hat security, OSV, and CVE records) confirm that archives containing relative file paths can cause files to be written or overwritten outside the intende...
CVE-2018-25046 Path traversal in code.cloudfoundry.org/archiver
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2021-33897
CVE-2021-33897 affects Synthesia. A buffer overflow in Synthesia before 10.7.5567 (when a non-Latin locale is used) can be triggered by a crafted MIDI file with malformed bytes, leading to a denial of service (application crash) during deletion. A separate issue in Synthesia before 10.9 involves ...
Fan_Platform 路径遍历漏洞
FanPlatform is a UI interface automation platform backend for Caoyongqi912 personal developers. 2021-04-20 and earlier versions of FanPlatform are vulnerable to a path traversal vulnerability, which stems from the failure of Flask's sendfile function to properly filter special elements in resourc...
Withdrawn Advisory: Pulp Improper Path Parsing
Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...
GHSA-574P-6FW4-4HW8 Withdrawn Advisory: Pulp Improper Path Parsing
Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...
[WP-H9] _swapUniswapV2 may use an improper path which can cause a loss of the majority of the rewardTokens
Lines of code Vulnerability details function harvestuint256 minOutCurve external onlyRoleSTRATEGISTROLE convexConfig.baseRewardPool.getRewardaddressthis, true; //Prevent Stack too deep errors DexConfig memory dex = dexConfig; IERC20 memory rewardTokens = strategyConfig.rewardTokens; IERC20 weth =...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in the incorrect restriction on the path name to the restricted catalog, allowing a hacker to read arbitrary files.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to an incorrect limitation on the path name used to access the restricted catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files by sending a...
Delta Electronics DIAEnergie路径遍历漏洞
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A path traversal...
CVE-2021-37064
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created...
CivetWeb 路径遍历漏洞
CivetWeb is an open source, easy-to-use, powerful, C/C++-embeddable web server with optional CGI, SSL, and Lua support. A security vulnerability exists in CivetWeb that stems from a failure of a network system or product to properly filter special elements in a resource or file path. An attacker...