exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2021-29425

Status Candidate

Overview

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Related Files

Red Hat Security Advisory 2022-1110-01
Posted Mar 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1110-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.1 serves as an update to Red Hat Decision Manager 7.12.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-21290, CVE-2021-22096, CVE-2021-29425, CVE-2021-33813, CVE-2021-42550
SHA-256 | 19ef6b86140614a8bac6c5eef89b228a342fe2890da0cd298556ccd2514bdd7f
Red Hat Security Advisory 2022-1108-01
Posted Mar 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1108-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.1 serves as an update to Red Hat Process Automation Manager 7.12.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-21290, CVE-2021-22096, CVE-2021-29425, CVE-2021-33813, CVE-2021-42550
SHA-256 | 7c40dcdbc8c75f8be5ae4c4bf3f34c84f7661a55778b77830347d8a875b6c93e
Red Hat Security Advisory 2021-3700-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3700-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include bypass, denial of service, information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2020-27223, CVE-2021-20289, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28169, CVE-2021-29425, CVE-2021-3425, CVE-2021-34428, CVE-2021-34429, CVE-2021-3763
SHA-256 | a8a12dcc50fccbe685347bca1c58d45fbfe797cf6ab2e35bef81923f2d3fef9b
Ubuntu Security Notice USN-5095-1
Posted Sep 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5095-1 - It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-29425
SHA-256 | 7ba660de150df66e90ee6d46d576813e67c78d8bbe0d6e0481c598417e50d1b3
Red Hat Security Advisory 2021-3660-01
Posted Sep 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3660-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2021-21295, CVE-2021-21409, CVE-2021-28170, CVE-2021-29425, CVE-2021-3536, CVE-2021-3597, CVE-2021-3642, CVE-2021-3644, CVE-2021-3690
SHA-256 | 8bbceba9cbd43ed995bb0158809bfa86c293205d85398c40f9274bb087d0a7b4
Red Hat Security Advisory 2021-3658-01
Posted Sep 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3658-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2021-21295, CVE-2021-21409, CVE-2021-28170, CVE-2021-29425, CVE-2021-3536, CVE-2021-3597, CVE-2021-3642, CVE-2021-3644, CVE-2021-3690
SHA-256 | 0c1ca183150c4fd0104f07fbd5ecaa37a253605e363351d7d98a6c4fd259f6f4
Red Hat Security Advisory 2021-3656-01
Posted Sep 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3656-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2021-21295, CVE-2021-21409, CVE-2021-28170, CVE-2021-29425, CVE-2021-3536, CVE-2021-3597, CVE-2021-3642, CVE-2021-3644, CVE-2021-3690
SHA-256 | 08a3af8cbe1870441f18018302c3b12597f297139b17c3e59677079ae81cc243
Red Hat Security Advisory 2021-3534-01
Posted Sep 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3534-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-28491, CVE-2020-35509, CVE-2021-28170, CVE-2021-29425, CVE-2021-3513, CVE-2021-3597, CVE-2021-3632, CVE-2021-3637, CVE-2021-3644, CVE-2021-3690
SHA-256 | c46bdad703dcc26f6f326ad50ed84ba22b6c1eae40ebaaa4f28523e0035a4a75
Red Hat Security Advisory 2021-3516-01
Posted Sep 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3516-01 - These are CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP2 code base. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-28170, CVE-2021-29425, CVE-2021-3597, CVE-2021-3644, CVE-2021-3690
SHA-256 | 864848f192b5e325f0720ddc7aa228f033358f8d6e4a48c850b74f908fb52333
Red Hat Security Advisory 2021-3466-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3466-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-28170, CVE-2021-29425, CVE-2021-3597, CVE-2021-3644, CVE-2021-3690
SHA-256 | 61a49a0bca0ec31843f404de904032df2e61d2d80c7734f13b46e7eac619997d
Red Hat Security Advisory 2021-3467-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3467-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-28170, CVE-2021-29425, CVE-2021-3597, CVE-2021-3644, CVE-2021-3690
SHA-256 | 7555c481ece6815fc40519ee97d6ba7d0fb9be9c0b7c91b9ce6a37303e0da992
Red Hat Security Advisory 2021-3468-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3468-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-28170, CVE-2021-29425, CVE-2021-3597, CVE-2021-3644, CVE-2021-3690
SHA-256 | dd7e118a66e424c27a7200faaa95575550139b339209f6137a570a8c8e71c189
Red Hat Security Advisory 2021-3471-01
Posted Sep 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3471-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-28170, CVE-2021-29425, CVE-2021-3597, CVE-2021-3644, CVE-2021-3690
SHA-256 | 3320ed0cfba6adb64622cf2b6705b15e39b121c4ac08c653def38d4a4e835ac8
Red Hat Security Advisory 2021-3225-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3225-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.8.0 serves as a replacement for Red Hat AMQ Streams 1.7.0, and includes security and bug fixes, and enhancements. Issues addressed include information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-18640, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-27568, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28168, CVE-2021-28169, CVE-2021-29425, CVE-2021-34428
SHA-256 | f799cc6edbac4d0b98864f1662ed210d6e06f745c7ff0e79f347ad596baa1447
Red Hat Security Advisory 2021-2465-01
Posted Jul 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2465-01 - This release of Red Hat build of Eclipse Vert.x 4.1.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-21409, CVE-2021-29425
SHA-256 | 6005ac66ffb30dc22fd8b18e713895854a177da32204495441130060cda89a8b
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close