CVE-2020-4053

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

Publication date: Wed, 17 Jun 2020 03:15:00 +0000

Cyber News related to CVE-2020-4053

CVE-2020-4053 - In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, ...
1 year ago

CVE-2021-4053 - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
2 years ago

CVE-2009-4053 - Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary ...
15 years ago

CVE-2011-4053 - Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: ...
13 years ago

CVE-2015-4053 - The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. ...
9 years ago

CVE-2008-4053 - Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters. ...
7 years ago

CVE-2010-4053 - Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN ...
7 years ago

CVE-2013-4053 - The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured ...
7 years ago

CVE-2007-4053 - SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php. ...
7 years ago

CVE-2006-4053 - PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter. Successful exploitation requires that ...
6 years ago

CVE-2005-4053 - Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html. ...
6 years ago

CVE-2012-4053 - Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. ...
5 years ago

CVE-2017-4053 - Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. ...
5 years ago

CVE-2016-4053 - Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. ...
5 years ago

CVE-2018-4053 - An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and ...
2 years ago

CVE-2022-4053 - A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is ...
2 years ago

CVE-2023-4053 - A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < ...
1 year ago

CVE-2014-4053 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none ...
55 years ago Tenable.com

CVE-2023-52603 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago

CVE-2020-1246 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1266 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1262 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1275 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1264 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1276 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

Latest Cyber News

CVE-2025-24973 - 19 hours ago
CVE-2025-24976 - 19 hours ago
CVE-2025-24807 - 19 hours ago
CVE-2025-24896 - 19 hours ago
CVE-2025-24897 - 19 hours ago
CVE-2025-24900 - 19 hours ago
CVE-2025-22467 - 19 hours ago
CVE-2024-47908 - 19 hours ago
CVE-2024-13813 - 19 hours ago
CVE-2024-13830 - 19 hours ago
CVE-2024-13842 - 19 hours ago
CVE-2024-13843 - 19 hours ago
CVE-2024-10644 - 19 hours ago
CVE-2024-11771 - 19 hours ago
CVE-2024-12058 - 19 hours ago
CVE-2024-12797 - 19 hours ago
CVE-2024-33659 - 20 hours ago
CVE-2025-1231 - 21 hours ago
CVE-2025-26492 - 21 hours ago
CVE-2025-26493 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-10334 - 1 day ago
CVE-2025-1149 - 1 day ago
CVE-2024-11831 - 1 day ago
CVE-2024-12133 - 1 day ago
CVE-2024-12243 - 1 day ago
CVE-2024-57950 - 1 day ago
CVE-2025-21686 - 1 day ago
CVE-2025-21687 - 1 day ago
CVE-2025-21688 - 1 day ago
CVE-2025-21689 - 1 day ago
CVE-2025-21690 - 1 day ago
CVE-2025-21691 - 1 day ago
CVE-2025-21692 - 1 day ago
CVE-2025-21693 - 1 day ago
CVE-2025-24031 - 1 day ago
CVE-2025-24032 - 1 day ago
CVE-2025-24892 - 1 day ago
CVE-2025-25186 - 1 day ago
CVE-2025-1150 - 1 day ago
CVE-2025-1151 - 1 day ago