VulnCheck KEV: CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then...

AZL-79034 CVE-2023-45283 affecting package golang 1.25.7-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

SUSE CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

SUSE CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

SUSE CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

SUSE CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

GHSA-JQH6-9574-5X22 MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`

Impact MITM can enable Zip-Slip. Vulnerability Vulnerability 1: Scanner.java There is no validation that the zip file being unpacked has entries that are not maliciously writing outside of the intended destination directory...

FreeRDP path traversal vulnerability

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. FreeRDP is vulnerable to a path traversal vulnerability that stems from a lack of path normalization and basic path checking for the "drive" channel. An attacker could use this vulnerability to read...

Hertz 路径遍历漏洞

Hertz is a Golang microservices HTTP framework open sourced by CloudWeGo. v0.3.0 of Hertz contains a path traversal vulnerability that stems from a failure of the normalizePath function to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to...

grafana: directory traversal vulnerability

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVE-2021-43798

A directory path traversal vulnerability was found in Grafana. This flaw allows an attacker to obtain read access to the local files due to a lack of path normalization in the /public/plugins// URL...

Command Execution Vulnerability in Apache HTTP Server 2.4.49

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A command execution vulnerability exists in Apache HTTP Server 2.4.49 due to a flaw in the changes made to path normalizatio...

Path Traversal

apache2 has path traversal. The vulnerability exists due to a flaw found in a change made to path normalization...

CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

ALPINE-CVE-2021-37712

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

CVE-2021-37712

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

CVE-2021-37713

The CVE-2021-37713 issue concerns the npm package tar (node-tar) on Windows where extraction could create or overwrite arbitrary files and execute code due to insufficient path sanitization for drive-letter paths (e.g., C: paths) that differ from the extraction target. The vulnerability arises wh...