
716 matches found

Prion
added 2021/09/12 1:15 p.m. · 28 views

Type confusion

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

CVSS 7.5 · AI score 9.1 · EPSS 0.02475
Exploits: 2 · References: 6 · Affected Software: 2

OSV
added 2021/09/12 1:15 p.m. · 1 views

UBUNTU-CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

CVSS 9.8 · AI score 7.2 · EPSS 0.02285
Exploits: 1 · References: 7

Github Security Blog
added 2021/09/01 6:37 p.m. · 49 views

Prototype Pollution in object-path

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

CVSS 8.6 · AI score 8.8 · EPSS 0.01902
Exploits: 1 · References: 8 · Affected Software: 1

OSV
added 2021/09/01 6:15 p.m. · 44 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8 · AI score 9.4
Exploits: 0 · References: 3

NVD
added 2021/09/01 6:15 p.m. · 27 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8 · EPSS 0.01723
Exploits: 1 · References: 3

AlpineLinux
added 2021/09/01 5:30 p.m. · 38 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8 · AI score 7.6 · EPSS 0.02293
Exploits: 2 · References: 3

RedhatCVE
added 2021/08/31 6:49 p.m. · 54 views

CVE-2021-23434

Prototype pollution has been discovered in the object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']...

CVSS 9.8 · AI score 2 · EPSS 0.01902
Exploits: 1 · References: 5

OSV
added 2021/08/27 5:15 p.m. · 1 views

DEBIAN-CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

CVSS 8.6 · AI score 7.5 · EPSS 0.01902
Exploits: 1 · References: 1

UbuntuCve
added 2021/08/27 5:15 p.m. · 37 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

CVSS 8.6 · AI score 7.1 · EPSS 0.01902
Exploits: 1 · References: 6

Debian CVE
added 2021/08/27 4:50 p.m. · 36 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

CVSS 8.6 · AI score 7.6 · EPSS 0.01902
Exploits: 1

CNNVD
added 2021/08/20 12:00 a.m. · 2 views

rConfig Security Vulnerability

rConfig is an open source network configuration management utility. rConfig is vulnerable due to an arbitrary file deletion vulnerability in rConfig 3.9.5. An attacker could use the vulnerability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in...

CVSS 9.1 · AI score 5.8 · EPSS 0.0225
Exploits: 1 · References: 3

Positive Technologies
added 2021/08/20 12:00 a.m. · 2 views

PT-2021-11130 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rConfig versions 3.9.5
Description: An arbitrary file deletion issue allows attackers to delete files by sending a crafted request to "/lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php" and specifying a path in the path parameter and an extensi...

CVSS 9.1 · AI score 9 · EPSS 0.0225
Exploits: 1 · References: 5

CNNVD
added 2021/08/18 12:00 a.m. · 3 views

Centreon OS Command Injection Vulnerability

Centreon, a free and open source IT and application monitoring software, is vulnerable to an OS command injection vulnerability in /graphStatus/displayServiceStatus.php in Centreon version 19.10.8. A remote attacker can exploit this vulnerability to execute arbitrary OS commands via shell...

CVSS 9 · AI score 6.2 · EPSS 0.03826
Exploits: 1 · References: 2

RedHat Linux
added 2021/08/11 6:21 p.m. · 3 views

springframework: RFD protection bypass via jsessionid

In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

CVSS 9.6 · AI score 7.3 · EPSS 0.10736
Exploits: 2 · References: 4

Positive Technologies
added 2021/08/09 12:00 a.m. · 3 views

PT-2021-10845 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5
Description: The issue allows command injection by sending a crafted GET request to "lib/ajaxHandlers/ajaxArchiveFiles.php" since the path parameter is passed directly to the exec function without being escaped...

CVSS 9.8 · AI score 9.6 · EPSS 0.05718
Exploits: 1 · References: 6

NVD
added 2021/07/07 2:15 p.m. · 36 views

CVE-2021-32508

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

CVSS 6.5 · EPSS 0.01301
Exploits: 0 · References: 1

NVD
added 2021/07/07 2:15 p.m. · 11 views

CVE-2021-32506

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 6.5 · EPSS 0.01301
Exploits: 0 · References: 1

Prion
added 2021/07/07 2:15 p.m. · 19 views

Path traversal

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 4 · AI score 6.3 · EPSS 0.01301
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2021/07/07 2:15 p.m. · 13 views

Directory traversal

A directory listing vulnerability in the antivirus function of QSAN Storage Manager allows remote authenticated attackers to list arbitrary directories by injecting the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 4 · AI score 4.6 · EPSS 0.00854
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/07/07 2:11 p.m. · 55 views

CVE-2021-32506

The CVE-2021-32506 entry concerns QSAN Storage Manager (QSAN Storage Manager NAS OS). A path traversal vulnerability exists in the GetImage function that does not validate the URL path parameter, enabling remote authenticated attackers to download arbitrary files. The issue is mitigated by updati...

CVSS 6.5 · AI score 6.3 · EPSS 0.01301
Exploits: 0 · References: 1 · Affected Software: 1