2102 matches found
Parallels Desktop Toolgate Directory Traversal Arbitrary File Deletion Vulnerability
Parallels Desktop is virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 16.1.1-49141. The vulnerability stems from failure to properly validate a user-supplied path before using it in a file operation. An...
CVE-2021-31421
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...
Apple tvOS Path Traversal Vulnerability
Apple tvOS is a smart TV operating system from Apple. A path traversal vulnerability exists in tvOS, which stems from insufficient directory path validation. The following products and versions are affected: tvOS: 14.0 18J386, 14.0.1 18J400, 14.0.2 18J411, 14.2 18K57, 14.3 18K561, 14.4 18K802, 14...
PT-2021-5288 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3; iOS versions prior to 14.5; iPadOS versions prior to 14.5; watchOS versions prior to 7.4; tvOS versions prior to 14.5. Description: A parsing issue in the handling of directory paths was addressed with improved path...
CVE-2021-27278
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
Directory Traversal
flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path, allowing an attacker to inject ../ characters into parameters to access resources outside of the web root...
SUSE: Security Advisory (SUSE-SU-2020:3159-1)
The remote host is missing an update for the...
GO-2021-0099 Zip slip directory exploit in github.com/deislabs/oras
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore content store may result in directory traversal during archive extraction, allowing a malicious archive to write paths to arbitrary paths that the process can write to...
CVE-2021-27250
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...
VulnCheck KEV: CVE-2018-2380
SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users...
CVE-2021-27275
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2021-27272
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27274
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results fr...
NETGEAR ProSAFE Network Management System Code Issue Vulnerability
NETGEAR is a router from the American company Netgear: a hardware device that connects two or more networks and acts as a gateway between them. A code issue vulnerability exists in the NETGEAR ProSAFE Network Management System, which arises from a failure to properly validate a...
CVE-2021-1492
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
DUO Duo Authentication Proxy Security Vulnerability
DUO Authentication Proxy is an application from DUO USA Inc. It is used for authentication proxies. A security vulnerability in the DUO Authentication Proxy installer prior to version 5.2.1, which stems from failure to properly validate a file installation path, can be exploited by an attacker to...
The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...
openSUSE Security Update : librepo (openSUSE-2021-277)
This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml bsc1175475, CVE-2020-14352 - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl rh1775184 + Decode package URL when using for local filename rh1817130 + Fix memory leak in...