Astra Linux - уязвимость в chromium

Insufficient data validation in the File System of Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions through a crafted HTML page. Chromium security severity: Medium...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the fs.symlink function. An attacker can escape the allowed path and read/write sensitive files by chaining directories and symlinks, bypassing --allow-fs-read and --allow-fs-write restrictions...

EUVD-2023-27399

Malicious code in bioql PyPI...

Flock Safety The Bravo Compute Box 安全漏洞

Flock Safety The Bravo Compute Box is an edge computing device from Flock Safety USA. A security vulnerability exists in Flock Safety The Bravo Compute Box BRAVO00.00local20241017 version, which stems from the acceptance of the default Thundercomm TurboX 6490 Firehose loader, which could lead to ...

RHEL 9 : aide (RHSA-2025:15409)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15409 advisory. Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure fil...

CVE-2024-52291 Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

Craft is a content management system CMS. A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file...

PT-2024-35157 · Craft Cms · Craft Cms

Name of the Vulnerable Software and Affected Versions: CraftCMS versions prior to 4.12.5 CraftCMS versions prior to 5.4.6 Description: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme. This enables the attacker to specify...

Important: ruby

Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...

PT-2023-12782 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal version 9.3 Description: The issue arises from the incomplete integration of the generic entity access API for entity revisions with existing permissions in Drupal 9.3. This results in possible access bypass for users who have access t...

SUSE CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-0140

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2022-1857

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page...

DEBIAN-CVE-2020-16019

Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file...

CVE-2020-11497

The CVE-2020-11497 entry concerns the WordPress WooCommerce NAB Transact plugin (version 2.1.0). A payment bypass vulnerability exists because the plugin does not validate the origin of payment processor status requests, allowing an attacker to mark orders as fully paid by issuing a crafted GET r...

CVE-2019-9384

In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

Design/Logic Flaw

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVE-2015-3083

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on...

Polar Helpdesk 3.0 Cookie Based Authentication System Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10775/info Polar Helpdesk is reported prone to a cookie based authentication system bypass vulnerability. It is reported that the authentication and privilege system for Polar Helpdesk is based entirely on the values read...