A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-12-08
Updated
2022-10-14
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
Max CVSS
9.1
EPSS Score
0.19%
Published
2020-10-22
Updated
2023-01-09
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.
Max CVSS
7.5
EPSS Score
0.18%
Published
2020-10-27
Updated
2020-11-04
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Max CVSS
7.5
EPSS Score
57.00%
Published
2018-06-07
Updated
2020-08-24
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
Max CVSS
6.8
EPSS Score
3.49%
Published
2015-10-23
Updated
2016-12-24
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.28%
Published
2010-03-30
Updated
2013-09-10
6 vulnerabilities found