CVE-2021-1492
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
DUO Duo Authentication Proxy Security Vulnerability
DUO Authentication Proxy is an application from DUO USA Inc. that acts as an authentication proxy. A security vulnerability in the DUO Authentication Proxy installer prior to version 5.2.1, which stems from failure to properly validate a file installation path, can be exploited by an attacker to...
The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...
openSUSE Security Update : librepo (openSUSE-2021-277)
This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352) - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl (rh#1775184) + Decode package URL when using for local filename (rh#1817130) + Fix memory leak in...
OPENSUSE-SU-2021:0295-1 Security update for librepo
This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352) - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl (rh#1775184) + Decode package URL when using for local filename (rh#1817130) + Fix memory leak in...
Security update for librepo (important)
openSUSE Security Update: Security update for librepo Announcement ID: openSUSE-SU-2021:0295-1 Rating: important References: 1175475 Cross-References: CVE-2020-14352 CVSS scores: CVE-2020-14352 NVD : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-14352 SUSE: 8...
Security update for librepo (important)
openSUSE Security Update: Security update for librepo Announcement ID: openSUSE-SU-2021:0277-1 Rating: important References: 1175475 Cross-References: CVE-2020-14352 CVSS scores: CVE-2020-14352 NVD : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-14352 SUSE: 8...
CVE-2020-27870
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper...
CentOS 8 : librepo (CESA-2020:3658)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3658 advisory. - librepo: missing path validation in repomd.xml may lead to directory traversal CVE-2020-14352 Note that Nessus has not tested for this issue but has instead...
NEC ESMPRO Manager Information Disclosure Vulnerability
NEC ESMPRO Manager is a product from Nippon Electric Company (NEC) for managing NEC servers. The product supports monitoring of server CPU load, memory usage, disk usage, the server's hard disk protection status and LAN traffic status. A security vulnerability exists in NEC ESMPRO Manager version 6....
The vulnerability in the CDCreateKernlConnection function of the condrv.sys driver in the Windows operating system allows a hacker to cause a service failure.
The vulnerability of the CDCreateKernlConnection function in the condrv.sys driver of the Windows operating system is related to deficiencies in the path name validation process. Exploiting this vulnerability allows a malicious actor to trigger service failures by using a specially crafted path...
CVE-2021-21251 ZipSlip Arbitrary File Upload
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...
Insecure Logic Validation
csync2 does not securely validate a logic path within the application. The return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function is not properly validated as required by the design of the API and would lead to unintended logic execution...
CVE-2020-25842
The encryption function of NHIServiSignAdapter fails to verify the file path input by users. A remote attacker can access arbitrary files through the flaw without privilege...
NHIServiSignAdapter Access Control Error Vulnerability
Panorama NHIServiSignAdapter is a security control component for panoramic surveillance devices from China Panorama. A security vulnerability exists in NHIServiSignAdapter, which stems from an encryption feature that fails to validate user-entered file paths. A remote attacker can exploit this...
Virtuozzo 7 : librepo / librepo-devel / python-librepo (VZLSA-2020-5012)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5012 advisory. - librepo: missing path validation in repomd.xml may lead to directory traversal CVE-2020-14352 Note that Nessus has not tested for this issue but ha...
About the security content of iOS 14.2 and iPadOS 14.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of tvOS 14.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)
This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943) - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...