EUVD-2019-13331
Malware in sbrugna...
EUVD-2016-2751
Malware in sbrugna...
EUVD-2002-0571
Malware in sbrugna...
EUVD-2022-35190
Malicious code in bioql PyPI...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
CVE-2022-27818
SWHKD 1.1.5 has a vulnerability due to insecure handling of the /tmp/swhkd.sock pathname, exposing information and enabling denial of service. The issue is tied to insecure temporary file/socket usage. Affected component: SWHKD 1.1.5 (Rust-based daemon). Impact, per sources: potential information...
RHEL 8 : gegl04 (RHSA-2022:0177)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0177 advisory. GEGL Generic Graphics Library is a graph-based image processing framework. Security Fixes: gegl: shell expansion via a crafted pathname CVE-2021-4546...
CVE-2021-24010
CVE-2021-24010 — Fortinet FortiSandbox contains a path traversal (CWE-22) vulnerability. Affected versions: FortiSandbox 3.2.0–3.2.2 and 3.1.0–3.1.4. An authenticated user can obtain unauthorized access to files and data via specially crafted web requests due to improper limitation of a pathname ...
CVE-2020-27534
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2019-3696
An Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...
Integer overflow
stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...
CVE-2011-5289
The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument...
CVE-2013-6955
webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...
CVE-2013-3154
CVE-2013-3154 affects Windows Defender on Windows 7 and Windows Server 2008 R2. The issue is caused by an incorrect pathname used by the signature-update functionality, enabling local users to gain privileges via a Trojan horse in the %SYSTEMDRIVE% top-level directory. A successful exploit allows...
CVE-2013-1671
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site...
CVE-2007-2452
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036...
CVE-2002-0499
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories...
CVE-2002-0455
Product affected: IncrediMail. Vulnerability: attachments stored in a directory with a fixed name, enabling a predictable path. Impact (per sources): could facilitate exploitation of vulnerabilities in other software that rely on known directory pathnames when installing or reading files. Root ca...