Lucene search

8 matches found

Veracode
added 2026/03/09 3:4 p.m. · 6 views

Authentication Bypass

Astro is vulnerable to an authentication bypass. The vulnerability is due to improper handling of double URL encoding in middleware pathname checks, which allows an unauthenticated attacker to bypass path-based authentication and gain unauthorized access to protected routes...

CVSS 6.5 · AI score 5.8 · EPSS 0.00273
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2025/02/04 12:0 a.m. · 4 views

PT-2025-5798 · IBM · IBM App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.10; IBM App Connect Enterprise versions 13.0.1.0 through 13.0.2.1. Description: The issue allows an authenticated user to write to an arbitrary file on the system during bar...

CVSS 6.8 · AI score 7.1 · EPSS 0.00459
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 4:27 a.m. · 2 views

SUSE CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory...

CVSS 7.5 · AI score 9.6 · EPSS 0.04309
Exploits 0 · References 10
BDU FSTEC
added 2022/09/28 12:0 a.m. · 7 views

The vulnerability of the extract and extractall functions in the tarfile module of the Python interpreter allows a hacker to execute arbitrary code.

The vulnerability of the extract and extractall functions in the tarfile module of the Python interpreter is related to incorrect pathname restrictions for restricted access directories. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.3 · AI score 7.2 · EPSS 0.27095
Exploits 3 · References 11 · Affected Software 4
BDU FSTEC
added 2020/05/15 12:0 a.m. · 2 views

The vulnerability of the web interface of Cisco Adaptive Security Appliance (ASA) and Configure Firepower Threat Defense (FTD) allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the web interface of Cisco Adaptive Security Appliance ASA and Configure Firepower Threat Defense FTD lies in the lack of pathname checking for access-controlled directories. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality,...

CVSS 9.4 · AI score 7.7 · EPSS 0.96595
Exploits 4 · References 4 · Affected Software 2
NVD
added 2019/05/22 3:29 p.m. · 29 views

CVE-2019-12277

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...

CVSS 9.8 · AI score 9.5 · EPSS 0.01879
Exploits 0 · References 1
Cvelist
added 2019/05/22 2:7 p.m. · 22 views

CVE-2019-12277

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...

AI score 9.5 · EPSS 0.01879
Exploits 0 · References 1
OSV
added 2018/06/05 10:53 p.m. · 9 views

USN-3671-1 git vulnerabilities

Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. CVE-2018-11235 It was discovered that an integer overflow existed ...

CVSS 7.8 · AI score 7.8 · EPSS 0.49188
Exploits 10 · References 3