10 matches found
CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...
CVE-2026-44885
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...
CVE-2026-44885
Portainer Portainer Community Edition is affected by a directory traversal in the backup archive extraction path. The vulnerable code path is ExtractTarGz in api/archive/targz.go, which builds output paths via filepath.Clean(filepath.Join(outputDirPath, header.Name)). A tar entry like ../../etc/c...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...
CVE-2025-52900 File Browser has Insecure File Permissions
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...
CVE-2025-52900 File Browser has Insecure File Permissions
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...
EulerOS 2.0 SP11 : git (EulerOS-SA-2023-2265)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33....
Security fix for the ALT Linux 10 package git version 2.33.7-alt1
2.33.7-alt1 built Feb. 20, 2023 Dmitry V. Levin in task 315248 Feb. 6, 2023 Dmitry V. Levin - 2.33.6 - 2.33.7 fixes: CVE-2023-22490, CVE-2023-23946...
CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...