2100 matches found
CVE-2020-9901
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges...
CVE-2020-9900
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges...
CVE-2020-9901
CVE-2020-9901 – Apple platforms: An issue in the path validation logic for symbolic links allowed local privilege elevation. Apple fixed this with improved path sanitization, with patches in iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, and tvOS 13.4.8. The vulnerability is local and requires no ...
CVE-2020-9900
CVE-2020-9900 involves a path validation issue in the symlink handling within Apple’s Crash Reporter pathway affecting multiple Apple OS variants (iOS/iPadOS, macOS, tvOS, watchOS). The root cause is improper path sanitization during symlink validation, enabling a local attacker to elevate privil...
Directory Traversal
superstatic is vulnerable to directory traversal. Lack of validation of the file path allows a user to access system files through the path name using the ../ characters...
PT-2020-20849 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; macOS Catalina versions prior to 10.15.6; tvOS versions prior to 13.4.8; watchOS versions prior to 6.2.8. Description: An issue existed within the path validation logic for symlinks, which...
PT-2020-20850 · Apple · Ios +3
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; macOS Catalina versions prior to 10.15.6; tvOS versions prior to 13.4.8. Description: The issue existed within the path validation logic for symlinks, which was addressed with improved pa...
CVE-2020-3427
The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denia...
A vulnerability in the Adobe Character Animator animation software stems from errors in the path validation of dynamically loaded libraries, allowing attackers to execute arbitrary code.
A vulnerability in the Adobe Character Animator animation software is related to errors in checking the path of dynamically loaded libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2020-1904
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...
Directory traversal
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...
Important: Red Hat Security Advisory: librepo security update
An update for librepo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
librepo security update
1.11.0-3 - Validate paths read from repomd.xml RhBug:1866498...
OPENSUSE-SU-2020:1289-1 Security update for librepo
This update for librepo fixes the following issues: - Fixed path validation to prevent directory traversal attacks (bsc1175475, CVE-2020-14352). This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for librepo (important)
openSUSE Security Update: Security update for librepo. Announcement ID: openSUSE-SU-2020:1289-1. Rating: important. References: 1175475. Cross-References: CVE-2020-14352. Affected Products: openSUSE Leap 15.2. An update that fixes one vulnerability is now available. Description: This update for librepo...
CVE-2020-15641
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl...
CVE-2020-15645
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...