CWE-706
Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
CVE-2014-125125 (GCVE-0-2014-125125)
Vulnerability from cvelistv5
Published
2025-07-31 14:50
Modified
2025-07-31 15:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| A10 Networks | AX Series Loadbalancer |
Version: * ≤ 2.6.1-GR1-P5 Version: * ≤ 2.7.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2014-125125",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T15:15:49.521576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T15:15:56.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"/xml/downloads"
],
"product": "AX Series Loadbalancer",
"vendor": "A10 Networks",
"versions": [
{
"lessThanOrEqual": "2.6.1-GR1-P5",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.7.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "xistence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e \n\u003c/p\u003eA path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T14:50:53.697Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/31261"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/a10-networks-ax-loadbalancer-path-traversal"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A10 Networks AX Loadbalancer Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2014-125125",
"datePublished": "2025-07-31T14:50:53.697Z",
"dateReserved": "2025-07-30T15:35:38.708Z",
"dateUpdated": "2025-07-31T15:15:56.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26233 (GCVE-0-2020-26233)
Vulnerability from cvelistv5
Published
2020-12-08 19:55
Modified
2024-08-04 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Summary
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| microsoft | Git-Credential-Manager-Core |
Version: <= 2.0.280 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/security/advisories/GHSA-2gq7-ww4j-3m76"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/releases/tag/v2.0.289-beta"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/commit/61c0388e064babb3b4e60d3ec269e8a07ab3bc76"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.blazeinfosec.com/attack-of-the-clones-2-git-command-client-remote-code-execution-strikes-back/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Git-Credential-Manager-Core",
"vendor": "microsoft",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.280"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project\u0027s GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:44:06",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/security/advisories/GHSA-2gq7-ww4j-3m76"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/releases/tag/v2.0.289-beta"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/commit/61c0388e064babb3b4e60d3ec269e8a07ab3bc76"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.blazeinfosec.com/attack-of-the-clones-2-git-command-client-remote-code-execution-strikes-back/"
}
],
"source": {
"advisory": "GHSA-2gq7-ww4j-3m76",
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in Git Credential Manager Core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26233",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution in Git Credential Manager Core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Git-Credential-Manager-Core",
"version": {
"version_data": [
{
"version_value": "\u003c= 2.0.280"
}
]
}
}
]
},
"vendor_name": "microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project\u0027s GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706: Use of Incorrectly-Resolved Name or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/microsoft/Git-Credential-Manager-Core/security/advisories/GHSA-2gq7-ww4j-3m76",
"refsource": "CONFIRM",
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/security/advisories/GHSA-2gq7-ww4j-3m76"
},
{
"name": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt",
"refsource": "MISC",
"url": "https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt"
},
{
"name": "https://github.com/microsoft/Git-Credential-Manager-Core/releases/tag/v2.0.289-beta",
"refsource": "MISC",
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/releases/tag/v2.0.289-beta"
},
{
"name": "https://github.com/microsoft/Git-Credential-Manager-Core/commit/61c0388e064babb3b4e60d3ec269e8a07ab3bc76",
"refsource": "MISC",
"url": "https://github.com/microsoft/Git-Credential-Manager-Core/commit/61c0388e064babb3b4e60d3ec269e8a07ab3bc76"
},
{
"name": "https://blog.blazeinfosec.com/attack-of-the-clones-2-git-command-client-remote-code-execution-strikes-back/",
"refsource": "MISC",
"url": "https://blog.blazeinfosec.com/attack-of-the-clones-2-git-command-client-remote-code-execution-strikes-back/"
}
]
},
"source": {
"advisory": "GHSA-2gq7-ww4j-3m76",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26233",
"datePublished": "2020-12-08T19:55:15",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37212 (GCVE-0-2021-37212)
Vulnerability from cvelistv5
Published
2021-08-09 09:15
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Summary
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Larvata Digital Technology Co. Ltd. | FLYGO |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4989-5d955-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLYGO",
"vendor": "Larvata Digital Technology Co. Ltd.",
"versions": [
{
"lessThanOrEqual": "2021.4e",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T09:15:26",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4989-5d955-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108002",
"discovery": "EXTERNAL"
},
"title": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-08-09T08:59:00.000Z",
"ID": "CVE-2021-37212",
"STATE": "PUBLIC",
"TITLE": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLYGO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2021.4e"
}
]
}
}
]
},
"vendor_name": "Larvata Digital Technology Co. Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706 Use of Incorrectly-Resolved Name or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4989-5d955-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4989-5d955-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37212",
"datePublished": "2021-08-09T09:15:26.935896Z",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-09-17T02:06:03.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37213 (GCVE-0-2021-37213)
Vulnerability from cvelistv5
Published
2021-08-09 09:15
Modified
2024-09-17 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Summary
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Larvata Digital Technology Co. Ltd. | FLYGO |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4990-0c75d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLYGO",
"vendor": "Larvata Digital Technology Co. Ltd.",
"versions": [
{
"lessThanOrEqual": "2021.4e",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee\u2019s check-in record."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T09:15:28",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4990-0c75d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108003",
"discovery": "EXTERNAL"
},
"title": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-08-09T08:59:00.000Z",
"ID": "CVE-2021-37213",
"STATE": "PUBLIC",
"TITLE": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLYGO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2021.4e"
}
]
}
}
]
},
"vendor_name": "Larvata Digital Technology Co. Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee\u2019s check-in record."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706 Use of Incorrectly-Resolved Name or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4990-0c75d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4990-0c75d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37213",
"datePublished": "2021-08-09T09:15:28.482000Z",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-09-17T00:26:41.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37214 (GCVE-0-2021-37214)
Vulnerability from cvelistv5
Published
2021-08-09 09:15
Modified
2024-09-17 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Summary
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator privilege and execute arbitrary command.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Larvata Digital Technology Co. Ltd. | FLYGO |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4991-658b1-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLYGO",
"vendor": "Larvata Digital Technology Co. Ltd.",
"versions": [
{
"lessThanOrEqual": "2021.4e",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee\u0027s data, modify it, and then obtain administrator privilege and execute arbitrary command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T09:15:29",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4991-658b1-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108004",
"discovery": "EXTERNAL"
},
"title": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-3",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-08-09T08:59:00.000Z",
"ID": "CVE-2021-37214",
"STATE": "PUBLIC",
"TITLE": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLYGO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2021.4e"
}
]
}
}
]
},
"vendor_name": "Larvata Digital Technology Co. Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee\u0027s data, modify it, and then obtain administrator privilege and execute arbitrary command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706 Use of Incorrectly-Resolved Name or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4991-658b1-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4991-658b1-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37214",
"datePublished": "2021-08-09T09:15:30.054953Z",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-09-17T00:16:52.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37215 (GCVE-0-2021-37215)
Vulnerability from cvelistv5
Published
2021-08-09 09:15
Modified
2024-09-17 02:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Summary
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Larvata Digital Technology Co. Ltd. | FLYGO |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4992-dac66-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLYGO",
"vendor": "Larvata Digital Technology Co. Ltd.",
"versions": [
{
"lessThanOrEqual": "2021.4e",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee\u2019s user data by specifying that employee\u2019s ID in the API parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T09:15:31",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4992-dac66-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108005",
"discovery": "EXTERNAL"
},
"title": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-08-09T08:59:00.000Z",
"ID": "CVE-2021-37215",
"STATE": "PUBLIC",
"TITLE": "Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLYGO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2021.4e"
}
]
}
}
]
},
"vendor_name": "Larvata Digital Technology Co. Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee\u2019s user data by specifying that employee\u2019s ID in the API parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706 Use of Incorrectly-Resolved Name or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4992-dac66-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4992-dac66-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update FLYGO to version 1.91.1"
}
],
"source": {
"advisory": "TVN-202108005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37215",
"datePublished": "2021-08-09T09:15:31.594414Z",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-09-17T02:41:52.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27778 (GCVE-0-2022-27778)
Vulnerability from cvelistv5
Published
2022-06-01 19:03
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference ()
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: fixed in 7.83.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "Use of Incorrectly-Resolved Name or Reference (CWE-706)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T19:09:59",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-27778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "fixed in 7.83.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Incorrectly-Resolved Name or Reference (CWE-706)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1553598",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1553598"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220729-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27778",
"datePublished": "2022-06-01T19:03:32",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28198 (GCVE-0-2022-28198)
Vulnerability from cvelistv5
Published
2022-04-29 20:25
Modified
2024-08-03 05:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Summary
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NVIDIA | NVIDIA Omniverse Nucleus |
Version: All versions prior to 2021.3.2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5342"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA Omniverse Nucleus",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2021.3.2"
}
]
},
{
"product": "NVIDIA Omniverse Cache",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2021.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-29T20:25:08",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5342"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-28198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Omniverse Nucleus",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2021.3.2"
}
]
}
},
{
"product_name": "NVIDIA Omniverse Cache",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2021.3.0"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.6,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706 Use of Incorrectly-Resolved Name or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5342",
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5342"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-28198",
"datePublished": "2022-04-29T20:25:08",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31089 (GCVE-0-2022-31089)
Vulnerability from cvelistv5
Published
2022-06-27 21:10
Modified
2025-04-23 18:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parse-community | parse-server |
Version: < 4.10.12 Version: >=5.0.0, < 5.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:38.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:53:53.649989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:06:52.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "parse-server",
"vendor": "parse-community",
"versions": [
{
"status": "affected",
"version": "\u003c 4.10.12"
},
{
"status": "affected",
"version": "\u003e=5.0.0, \u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T21:10:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92"
}
],
"source": {
"advisory": "GHSA-xw6g-jjvf-wwf9",
"discovery": "UNKNOWN"
},
"title": "Invalid file request can crashe parse-server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31089",
"STATE": "PUBLIC",
"TITLE": "Invalid file request can crashe parse-server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "parse-server",
"version": {
"version_data": [
{
"version_value": "\u003c 4.10.12"
},
{
"version_value": "\u003e=5.0.0, \u003c 5.2.3"
}
]
}
}
]
},
"vendor_name": "parse-community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706: Use of Incorrectly-Resolved Name or Reference"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-252: Unchecked Return Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9",
"refsource": "CONFIRM",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9"
},
{
"name": "https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92",
"refsource": "MISC",
"url": "https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92"
}
]
},
"source": {
"advisory": "GHSA-xw6g-jjvf-wwf9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31089",
"datePublished": "2022-06-27T21:10:11.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:06:52.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41874 (GCVE-0-2022-41874)
Vulnerability from cvelistv5
Published
2022-11-10 00:00
Modified
2025-04-23 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: >= 1.0.0, <1.0.7 Version: >= 1.1.0, <1.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:51.769199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:38:40.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c1.0.7"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-10T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
}
],
"source": {
"advisory": "GHSA-q9wv-22m9-vhqh",
"discovery": "UNKNOWN"
},
"title": "Tauri Filesystem Scope can be Partially Bypassed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41874",
"datePublished": "2022-11-10T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:38:40.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-159: Redirect Access to Libraries
An adversary exploits a weakness in the way an application searches for external libraries to manipulate the execution flow to point to an adversary supplied library or code base. This pattern of attack allows the adversary to compromise the application or server via the execution of unauthorized code. An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. If an adversary can redirect an application's attempts to access these libraries to other libraries that the adversary supplies, the adversary will be able to force the targeted application to execute arbitrary code. This is especially dangerous if the targeted application has enhanced privileges. Access can be redirected through a number of techniques, including the use of symbolic links, search path modification, and relative path manipulation.
CAPEC-177: Create files with the same name as files protected with a higher classification
An attacker exploits file location algorithms in an operating system or application by creating a file with the same name as a protected or privileged file. The attacker could manipulate the system if the attacker-created file is trusted by the operating system or an application component that attempts to load the original file. Applications often load or include external files, such as libraries or configuration files. These files should be protected against malicious manipulation. However, if the application only uses the name of the file when locating it, an attacker may be able to create a file with the same name and place it in a directory that the application will search before the directory with the legitimate file is searched. Because the attackers' file is discovered first, it would be used by the target application. This attack can be extremely destructive if the referenced file is executable and/or is granted special privileges based solely on having a particular name.
CAPEC-48: Passing Local Filenames to Functions That Expect a URL
This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.
CAPEC-641: DLL Side-Loading
An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loading this malicious DLL instead of a legitimate DLL. Programs specify the location of the DLLs to load via the use of WinSxS manifests or DLL redirection and if they aren't used then Windows searches in a predefined set of directories to locate the file. If the applications improperly specify a required DLL or WinSxS manifests aren't explicit about the characteristics of the DLL to be loaded, they can be vulnerable to side-loading.