A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-09-08
Updated
2021-09-15
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-09-08
Updated
2021-09-15
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.
Max CVSS
5.5
EPSS Score
0.12%
Published
2020-12-08
Updated
2022-10-12
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.
Max CVSS
6.3
EPSS Score
0.07%
Published
2020-12-08
Updated
2022-10-14
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-12-08
Updated
2022-10-14
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
Max CVSS
9.1
EPSS Score
0.19%
Published
2020-10-22
Updated
2023-01-09
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.
Max CVSS
7.5
EPSS Score
0.18%
Published
2020-10-27
Updated
2020-11-04
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Max CVSS
7.5
EPSS Score
57.00%
Published
2018-06-07
Updated
2020-08-24
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
Max CVSS
6.8
EPSS Score
3.49%
Published
2015-10-23
Updated
2016-12-24
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.
Max CVSS
6.0
EPSS Score
0.80%
Published
2010-11-15
Updated
2010-12-10
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
Max CVSS
4.3
EPSS Score
0.29%
Published
2010-06-17
Updated
2010-06-17
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.28%
Published
2010-03-30
Updated
2013-09-10
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Max CVSS
5.0
EPSS Score
0.67%
Published
2008-06-02
Updated
2017-08-08
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
Max CVSS
8.5
EPSS Score
1.07%
Published
2008-03-18
Updated
2018-10-15
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
Max CVSS
8.8
EPSS Score
0.51%
Published
2007-12-19
Updated
2017-07-29
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-11-15
Updated
2017-07-29
Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files.
Max CVSS
5.0
EPSS Score
1.46%
Published
2005-05-04
Updated
2008-09-05
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
Max CVSS
7.6
EPSS Score
2.78%
Published
2004-07-07
Updated
2017-07-11
18 vulnerabilities found