
21013 matches found

NVD
added 2025/09/06 7:15 p.m. | 4 views

CVE-2025-58438

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 0.01414 EPSS
Exploits: 0 | References: 4
OSV
added 2025/09/06 7:15 p.m. | 2 views

DEBIAN-CVE-2025-58438

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 5.8 AI score | 0.01414 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2025/09/06 7:15 p.m. | 1 views

CVE-2025-58438

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 6 AI score | 0.01414 EPSS
Exploits: 0 | References: 5
OSV
added 2025/09/06 7:15 p.m. | 3 views

UBUNTU-CVE-2025-58438

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 6 AI score | 0.01414 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2025/09/06 6:45 p.m. | 2 views

CVE-2025-58438 internetarchive is vulnerable to Directory Traversal through file downloads

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 7.3 AI score | 0.01414 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/09/06 6:45 p.m. | 8 views

CVE-2025-58438 internetarchive is vulnerable to Directory Traversal through file downloads

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 0.01414 EPSS
Exploits: 0 | References: 3
OSV
added 2025/09/06 6:45 p.m. | 4 views

CVE-2025-58438 internetarchive is vulnerable to Directory Traversal through file downloads

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 7.3 AI score | 0.01414 EPSS
Exploits: 0 | References: 6
Debian CVE
added 2025/09/06 6:45 p.m. | 3 views

CVE-2025-58438

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

9.4 CVSS | 5.8 AI score | 0.01414 EPSS
Exploits: 0
CVE
added 2025/09/06 6:45 p.m. | 39 views

CVE-2025-58438

CVE-2025-58438 affects the Python Internet Archive library (lib/python-internetarchive) with a directory traversal in File.download(); vulnerable in 5.5.0 and below. The issue is fixed in 5.5.1. Debian/Ubuntu advisories confirm package upgrades are required (e.g., Debian DLA-4314 and USN-7989-1)....

9.4 CVSS | 7.3 AI score | 0.01414 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/09/06 3:25 p.m. | 11 views

CVE-2025-25048

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...

6.5 CVSS | 6.8 AI score | 0.00306 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2025/09/06 6:42 a.m. | 5 views

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. "The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating...

7.4 AI score
Exploits: 0
Packet Storm News
added 2025/09/06 12:0 a.m. | 3 views

Robust DDoS-Attack Classification with 3D CNNs against Adversarial Methods

Distributed Denial-of-Service (DDoS) attacks remain a serious threat to online infrastructure, often bypassing detection by altering traffic in subtle ways. We present a method using hive-plot sequences of network data and a 3D convolutional neural network (3D CNN) to classify DDoS traffic with high...

6.8 AI score
Exploits: 0
OSV
added 2025/09/05 9:0 p.m. | 1 views

GHSA-WX3R-V6H7-FRJP internetarchive Vulnerable to Directory Traversal in File.download()

Impact What kind of vulnerability is it? This is a Critical severity directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. Who is impacted? All users of the internetarchive library versions 5.5.1 are impacted. The vulnerability is particularl...

9.4 CVSS | 7.8 AI score | 0.01414 EPSS
Exploits: 0 | References: 6
Github Security Blog
added 2025/09/05 9:0 p.m. | 7 views

internetarchive Vulnerable to Directory Traversal in File.download()

Impact What kind of vulnerability is it? This is a Critical severity directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. Who is impacted? All users of the internetarchive library versions 5.5.1 are impacted. The vulnerability is particularl...

9.4 CVSS | 7.8 AI score | 0.01414 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
SUSE Linux
added 2025/09/05 8:27 a.m. | 3 views

Security update for python-maturin

This update for python-maturin fixes the following issues: CVE-2025-58160: terminal escape injection via ANSI sequences from untrusted input bsc1249011. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

3.1 CVSS | 7.4 AI score | 0.00303 EPSS
Exploits: 0 | References: 4
OSV
added 2025/09/05 8:27 a.m. | 1 views

SUSE-SU-2025:03082-1 Security update for python-maturin

This update for python-maturin fixes the following issues: - CVE-2025-58160: terminal escape injection via ANSI sequences from untrusted input bsc1249011...

2.3 CVSS | 5.8 AI score | 0.00303 EPSS
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/09/05 7:7 a.m. | 4 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1

Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...

7.5 CVSS | 6.7 AI score | 0.05664 EPSS
Exploits: 0 | Affected Software: 1
Apache Tomcat
added 2025/09/05 12:0 a.m. | 13 views

Fixed in Apache Tomcat 11.0.11

Low: Console manipulation via escape sequences in log messages CVE-2025-55754 Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6 CVSS | 7.8 AI score | 0.66535 EPSS
Exploits: 4 | Affected Software: 1
Apache Tomcat
added 2025/09/05 12:0 a.m. | 11 views

Fixed in Apache Tomcat 9.0.109

Low: Console manipulation via escape sequences in log messages CVE-2025-55754 Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6 CVSS | 7.8 AI score | 0.66535 EPSS
Exploits: 4 | Affected Software: 1
Positive Technologies
added 2025/09/05 12:0 a.m. | 4 views

PT-2025-36397

Name of the Vulnerable Software and Affected Versions internetarchive versions 5.5.0 and below Description The internetarchive library contains a directory traversal vulnerability in the File.download method. The method does not properly sanitize user-supplied filenames or validate the final...

9.4 CVSS | 5.9 AI score | 0.01414 EPSS
Exploits: 0 | References: 21