Lucene search
5211 matches found

SUSE CVE
added 2023/07/07 2:18 a.m. · 4 views

SUSE CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

5.3 CVSS · 7.4 AI score · 0.00349 EPSS
Exploits 1 · References 4
CNNVD
added 2023/07/06 12:0 a.m. · 4 views

SAMSUNG Calendar Path Traversal Vulnerability

SAMSUNG Calendar is a calendar module from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in Samsung Calendar versions prior to 12.4.07.15, which stems from a potential zip path traversal vulnerability that could allow an attacker to write to arbitrary files...

5.5 CVSS · 5.9 AI score · 0.00194 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/07/06 12:0 a.m. · 4 views

PT-2023-22875 · Google · Android

Name of the Vulnerable Software and Affected Versions: Calendar application versions prior to 12.4.07.15 Description: The issue allows attackers to write arbitrary files due to a potential zip path traversal vulnerability in the Calendar application. This vulnerability is present in Android 13...

5.5 CVSS · 5.5 AI score · 0.00194 EPSS
Exploits 0 · References 5
Prion
added 2023/07/05 9:15 p.m. · 19 views

Format string

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

2.4 CVSS · 5.3 AI score · 0.00349 EPSS
Exploits 1 · References 2 · Affected Software 2
UbuntuCve
added 2023/07/05 9:15 p.m. · 163 views

CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

6.1 CVSS · 6.3 AI score · 0.00349 EPSS
Exploits 1 · References 2
OSV
added 2023/07/05 9:15 p.m. · 1 views

UBUNTU-CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

6.1 CVSS · 6.4 AI score · 0.00349 EPSS
Exploits 1 · References 3
CVE
added 2023/07/05 8:37 p.m. · 96 views

CVE-2023-35936

Pandoc (the Haskell library/CLI) is affected from 1.13 up to but not including 3.1.4. An arbitrary file write could be triggered by a crafted image element when using --extract-media or when generating PDF, enabling creation/overwrite of files based on process privileges. Root cause involves flaw...

6.1 CVSS · 5.9 AI score · 0.00349 EPSS
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2023/07/05 8:37 p.m. · 62 views

CVE-2023-35936 Arbitrary file write is possible in Pandoc when using PDF output or --extract-media with untrusted input

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

6.1 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits 1 · References 5
Debian CVE
added 2023/07/05 8:37 p.m. · 119 views

CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

6.1 CVSS · 5.7 AI score · 0.00349 EPSS
Exploits 1
CNNVD
added 2023/07/05 12:0 a.m. · 2 views

Pandoc Input Validation Error Vulnerability

Pandoc is a Haskell library for converting from one markup format to another, as well as a command-line tool that uses the library. An input validation error vulnerability exists in Pandoc versions 1.13 up to, but not including, 3.1.4, which stems from an arbitrary file write vulnerability...

6.1 CVSS · 6 AI score · 0.00349 EPSS
Exploits 1 · References 8
Positive Technologies
added 2023/07/04 12:0 a.m. · 3 views

PT-2023-9554

Name of the Vulnerable Software and Affected Versions: Pandoc versions 1.13 through 3.1.4 Description: Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media...

6.3 CVSS · 6.3 AI score · 0.00349 EPSS
Exploits 1 · References 47
OSV
added 2023/06/26 11:15 p.m. · 4 views

CVE-2023-30945

Multiple services such as VHS (Video History Server), VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...

9.8 CVSS · 5.9 AI score · 0.00607 EPSS
Exploits 0 · References 1
RedHat Linux
added 2023/06/23 5:44 p.m. · 60 views

jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin

A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences (/../) to create o...

8.8 CVSS · 5.9 AI score · 0.01016 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/06/19 10:15 a.m. · 48 views

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

9.6 CVSS · 7.1 AI score · 0.08689 EPSS
Exploits 7 · References 18
RedHat Linux
added 2023/06/15 12:17 a.m. · 3 views

jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin

A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences (/../) to create o...

8.8 CVSS · 5.9 AI score · 0.01016 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/06/15 12:17 a.m. · 45 views

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

9.8 CVSS · 6.7 AI score · 0.04561 EPSS
Exploits 4 · References 15
Positive Technologies
added 2023/06/14 12:0 a.m. · 4 views

PT-2023-5499 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the target must...

7.8 CVSS · 7.1 AI score · 0.0036 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2023/06/07 12:0 a.m. · 16 views

CKAN < 2.9.9 Multiple Vulnerabilities

According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities: - An Arbitrary File Write in resource_create and package_update actions, using the ResourceUploader...

9.8 CVSS · 8.1 AI score · 0.01684 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/06/07 12:0 a.m. · 11 views

CKAN 2.10.x < 2.10.1 Multiple Vulnerabilities

According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities: - An Arbitrary File Write in resource_create and package_update actions, using the ResourceUploader...

9.8 CVSS · 8.1 AI score · 0.01684 EPSS
Exploits 0 · References 2
OSV
added 2023/06/03 11:5 a.m. · 2 views

OESA-2023-1300 cpio security update

Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. (CVE-2015-1197)...

1.9 CVSS · 6.7 AI score · 0.02906 EPSS
Exploits 4 · References 2