Lucene search
K

133 matches found

Prion
Prion
added 2021/04/07 10:15 p.m.13 views

Design/Logic Flaw

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

6.5CVSS8.8AI score0.04867EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2021/03/11 3:5 a.m.37 views

CVE-2021-21363 Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary...

5.3CVSS6.6AI score0.00414EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2021/01/29 8:0 a.m.5 views

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8 when there is an NFS export of a subdirectory of a filesystem allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

...

6.5CVSS7AI score0.02417EPSS
Exploits0
OSV
OSV
added 2021/01/19 7:15 a.m.0 views

DEBIAN-CVE-2021-3178

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attac...

6.5CVSS6.5AI score0.02417EPSS
Exploits0References1
OSV
OSV
added 2021/01/19 7:15 a.m.6 views

CVE-2021-3178

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attac...

6.5CVSS7.5AI score
Exploits0References4
OSV
OSV
added 2021/01/19 7:15 a.m.2 views

UBUNTU-CVE-2021-3178

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attac...

6.5CVSS6.7AI score0.02417EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/01/12 12:0 a.m.15 views

PT-2021-2999 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.10.8 Description: The issue is related to the fs/nfsd/nfs3xdr.c component in the Linux kernel, which allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS when there is an NFS...

9.8CVSS6.2AI score0.78684EPSS
Exploits152References891
RedHat Linux
RedHat Linux
added 2020/12/08 8:55 a.m.3 views

jetty: local temporary directory hijacking vulnerability

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

7CVSS7.5AI score0.043EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2020/11/04 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-2376)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02267EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/11/03 12:0 a.m.44 views

EulerOS 2.0 SP2 : openssh (EulerOS-SA-2020-2376)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/09/28 12:0 a.m.50 views

EulerOS 2.0 SP3 : openssh (EulerOS-SA-2020-2112)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/09/03 6:19 a.m.30 views

CVE-2020-12415

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...

4.3CVSS2AI score0.01272EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/09/02 12:0 a.m.38 views

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2020-1928)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
Veracode
Veracode
added 2020/08/06 9:32 p.m.24 views

Authorization Bypass

firefox is vulnerable to authorization bypass. When %2F is present in a manifest URL, the AppCache behavior allows a manifest to be served from a subdirectory and be used to service requests for the top level directory...

6.5CVSS2.7AI score0.01272EPSS
Exploits0References5Affected Software5
Tenable Nessus
Tenable Nessus
added 2020/07/30 12:0 a.m.45 views

EulerOS 2.0 SP8 : openssh (EulerOS-SA-2020-1818)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
CVE
CVE
added 2020/07/09 2:39 p.m.256 views

CVE-2020-12415

CVE-2020-12415 describes AppCache manifest poisoning in Firefox when a URL contains a %2F, which could allow serving a manifest from a subdirectory and potentially cause the appcache to service top-level directory requests. Public references confirm this vulnerability affects Firefox versions ear...

6.5CVSS6.3AI score0.01272EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2020/07/09 2:39 p.m.32 views

CVE-2020-12415

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...

6.5CVSS8AI score0.01272EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/07/01 12:0 a.m.29 views

CVE-2020-12415

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...

6.5CVSS6.9AI score0.01272EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/06/25 12:0 a.m.44 views

EulerOS Virtualization for ARM 64 3.0.6.0 : openssh (EulerOS-SA-2020-1690)

According to the version of the openssh packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/06/16 12:26 p.m.16 views

CVE-2020-13431

Removed by vendor...

7.8CVSS7.7AI score0.00309EPSS
Exploits0
Rows per page
Query Builder