31 matches found
Container and Containerization archive extraction does not guard against escapes from extraction base directory.
Summary: The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system...
CVE-1999-0313
diskbandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames...
EUVD-2002-1030
Malware in sbrugna...
EUVD-2002-1029
Malware in sbrugna...
EUVD-2000-1060
Malware in sbrugna...
The vulnerability of the Rack::Static class in the module interface between web servers and Rack web applications allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Rack::Static module interface between web servers and Rack web applications is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
A vulnerability in the Remote Desktop Client for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability of the Remote Desktop Client for Windows operating systems in handling relative pathnames to directories involves errors in processing those paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Voyager PHP framework Laravel, related to errors in handling relative pathnames to directories, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Voyager PHP-framework Laravel relates to errors in handling relative pathnames to directories. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the h5-vcav-bootstrap-service software, a management software for virtual infrastructure of VMware vCenter Server, allows an attacker to read local files on the server where the vulnerable software is installed. It also enables the attacker to forge requests on the server side and perform XSS attacks.
The vulnerability of the h5-vcav-bootstrap-service plugin in the virtualization infrastructure management software is related to errors in processing relative pathnames to directories. Exploiting this vulnerability allows a malicious actor to read local files on the server where the vulnerable...
CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
Updated libmspack/cabextract packages fix security vulnerabilities
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-14679, CVE-2018-14680). Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue...
CVE-2018-18586
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...
CVE-2018-18586
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...
Moderate severity vulnerability that affects com.sparkjava:spark-core
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
spark: Absolute and relative pathnames allow for unintended static file disclosure
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
spark: Absolute and relative pathnames allow for unintended static file disclosure
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
Directory Traversal
spark-core is vulnerable to directory traversal attacks. Attackers can access files outside of the intended directory by using relative pathnames and including items such as ../ when performing requests...
CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
Moderate: Red Hat Security Advisory: Updated CVS packages fix security issue
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004: The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...