
21006 matches found

Snyk
added 2025/10/02 9:15 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

CVSS 7.1, AI score 7.4, EPSS 0.00525
Exploits: 1, References: 2
Wordfence Blog
added 2025/10/02 6:8 p.m., 29 views

How to Find Local File Inclusion (LFI) Vulnerabilities in WordPress Plugins and Themes

Local File Inclusion (LFI) occurs when user-controlled input is used to build a path to a file that is then included by the application. In WordPress and PHP web applications in general, this means values from $_GET, $_POST, $_REQUEST, or other user-controlled sources end up in the include, require,...

CVSS 9.8, AI score 8.5, EPSS 0.77251
Exploits: 15
Snyk
added 2025/10/02 6:50 a.m., 0 views

Directory Traversal

Overview: tgmix is a tool to process Telegram chat exports into an AI-friendly format, inspired by Repomix. Affected versions of this package are vulnerable to Directory Traversal in the media processor due to improper path canonicalization. An attacker can gain access to restricted files by...

CVSS 8.7, AI score 7.6
Exploits: 0, References: 3
Snyk
added 2025/10/02 6:45 a.m., 0 views

Directory Traversal

Overview: strands-agents is a model-driven approach to building AI agents in just a few lines of code. Affected versions of this package are vulnerable to Directory Traversal via the FileSessionManager.getsessionpath, FileSessionManager.getagentpath, S3SessionManager.getsessionpath, and...

CVSS 8.6, AI score 7.8
Exploits: 0, References: 3
Snyk
added 2025/10/02 6:43 a.m., 4 views

Directory Traversal

Overview: redmine-mcp-server is a production-ready MCP server for Redmine with security, pagination, and enterprise features. Affected versions of this package are vulnerable to Directory Traversal via the MCP endpoint. An attacker can gain access to restricted files by passing a specially craft...

CVSS 8.7, AI score 7.7
Exploits: 0, References: 3
SUSE CVE
added 2025/10/01 11:30 p.m., 2 views

SUSE CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 6.4, EPSS 0.00145
Exploits: 0, References: 5
RedhatCVE
added 2025/10/01 9:40 p.m., 1 views

CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 5.7, EPSS 0.00145
Exploits: 0, References: 4
Snyk
added 2025/10/01 8:41 p.m., 1 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Bulk User Import endpoint due to improper sanitization of the file path wrapper and value. An attacker can access unauthorized files or resources by supplying arbitrary file paths or URLs. Details: A Directory...

CVSS 5.1, AI score 7.4, EPSS 0.00334
Exploits: 0, References: 2
NVD
added 2025/10/01 12:15 p.m., 9 views

CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, EPSS 0.00145
Exploits: 0, References: 9
OSV
added 2025/10/01 12:15 p.m., 1 views

DEBIAN-CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 5.4, EPSS 0.00145
Exploits: 0, References: 1
OSV
added 2025/10/01 12:15 p.m., 1 views

UBUNTU-CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 5.9, EPSS 0.00145
Exploits: 0, References: 12
UbuntuCve
added 2025/10/01 12:15 p.m., 1 views

CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 5.9, EPSS 0.00145
Exploits: 0, References: 11
Cvelist
added 2025/10/01 11:45 a.m., 4 views

CVE-2023-53489 tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

EPSS 0.00145
Exploits: 0, References: 9
CVE
added 2025/10/01 11:45 a.m., 18 views

CVE-2023-53489

CVE-2023-53489 affects the Linux kernel memory handling for UDP sockets with TX timestamps and zerocopy skbs. The issue is a memory leak: clones of skbs and their ubuf references can keep a socket refcnt and skb references in the error/clock path, causing leaked sk, sock and skb when close() is c...

CVSS 5.5, AI score 6, EPSS 0.00145
Exploits: 0, References: 9, Affected Software: 1
Debian CVE
added 2025/10/01 11:45 a.m., 2 views

CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 5.4, EPSS 0.00145
Exploits: 0
OSV
added 2025/10/01 11:45 a.m., 4 views

CVE-2023-53489 tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0)...

CVSS 5.5, AI score 6.3, EPSS 0.00145
Exploits: 0, References: 12
IBM Security Bulletins
added 2025/09/30 4:56 p.m., 20 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.11.0. Vulnerability Details: CVEID: CVE-2025-30749. DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported...

CVSS 8.1, AI score 9.4, EPSS 0.01058
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2025/09/30 10:47 a.m., 21 views

Security Bulletin: due to the use of Apache Tomcat, IBM webMethods developer portal is affected by Multiple Vulnerabilities

Summary: Multiple vulnerabilities in Apache Tomcat have been addressed in IBM webMethods developer portal. Vulnerability Details: CVEID: CVE-2023-46589. DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...

CVSS 10, AI score 7.5, EPSS 0.99945
Exploits: 50, Affected Software: 1
Snyk
added 2025/09/30 12:30 a.m., 6 views

Directory Traversal

Overview: com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Directory Traversal via the ComboServlet component. An attacker can access arbitrary CSS and JS files and cause repeated loading of these files by manipulating the...

CVSS 8.2, AI score 7.7, EPSS 0.00464
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/30 12:0 a.m., 6 views

NewStart CGSL MAIN 6.06 : perl Multiple Vulnerabilities (NS-SA-2025-0211)

The remote NewStart CGSL host, running version MAIN 6.06, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...

CVSS 9.8, AI score 7.8, EPSS 0.61604
Exploits: 22, References: 35