EUVD-2024-27410

Malicious code in bioql PyPI...

Apple iPadOS 安全漏洞

Apple iPadOS is an operating system for the iPad tablet computer from Apple USA. A security vulnerability exists in Apple iPadOS that originates from shortcuts that may access files that are normally inaccessible...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and Apple iPadOS that originates from shortcuts that may access...

CVE-2023-35173

Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded...

Design/Logic Flaw

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...

CVE-2022-28283

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...

Rust 竞争条件问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A Competing Conditions Issue vulnerability exists in Rust that arises from the product's std::fs::removedirall function that does not validate user permissions. An attacker could use this vulnerability to remove...

CVE-2019-1170

An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attack...

Directory traversal

Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. dot dot in a crafted URL...

CVE-2015-1847

Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. dot dot in a crafted URL...

CVE-2006-2334

The RtlDosPathNameToNtPathNameU API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or...