Lucene search
+L

115 matches found

osv
osv
added 2024/11/19 3:15 p.m.7 views

AZL-53235 CVE-2024-10524 affecting package wget for versions less than 1.21.2-4

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS5.9AI score0.0111EPSS
Exploits0References1
osv
osv
added 2024/11/19 3:15 p.m.3 views

ALPINE-CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS7.2AI score0.0111EPSS
Exploits0References1
osv
osv
added 2024/11/19 3:15 p.m.10 views

UBUNTU-CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS7.3AI score0.0111EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/19 2:23 p.m.93 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS0.0111EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2024/11/19 2:23 p.m.40 views

CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS7.1AI score0.0111EPSS
Exploits0References5
redhat
redhat
added 2024/11/08 3:4 p.m.37 views

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References4
redhat
redhat
added 2024/10/31 1:39 p.m.5 views

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/10/15 12:0 a.m.4 views

Podman 路径遍历漏洞

Podman is a Podman open source engine for developing, managing and running OCI containers on Linux systems. A path traversal vulnerability exists in Podman, which stems from the presence of a symbolic link traversal vulnerability that could cause the library to read arbitrary files on the host...

6.5CVSS6.9AI score0.01345EPSS
Exploits0References6
cvelist
cvelist
added 2024/09/24 7:25 a.m.55 views

CVE-2024-21545

Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handli...

8.2CVSS0.00366EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2024/04/22 12:0 a.m.7 views

PT-2024-3765 · Unknown +2 · Cri-O Container Engine +2

Name of the Vulnerable Software and Affected Versions: CRI-O Container Engine versions prior to the fixed version Description: A flaw was found in CRI-O, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perfor...

8.3CVSS6.6AI score0.93305EPSS
Exploits4References40
osv
osv
added 2023/11/02 8:53 p.m.71 views

GHSA-JHWW-FX2J-3RF7 FoodCoopShop Server-Side Request Forgery vulnerability

There is a potential SSRF vulnerability in foodcoopshop. Since there is no security policy on your Github, I tried to use the emails to contact you. The potential issue is in the Network module, where a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a...

8.1CVSS7.6AI score0.00452EPSS
Exploits0References6
github
github
added 2023/11/02 8:53 p.m.29 views

FoodCoopShop Server-Side Request Forgery vulnerability

There is a potential SSRF vulnerability in foodcoopshop. Since there is no security policy on your Github, I tried to use the emails to contact you. The potential issue is in the Network module, where a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a...

8.1CVSS7AI score0.00452EPSS
Exploits0References6Affected Software1
prion
prion
added 2023/11/02 3:15 p.m.18 views

Server side request forgery (ssrf)

FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a request to an...

4.6CVSS7.4AI score0.00452EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2023/02/10 12:0 a.m.7 views

PT-2023-20154

Name of the Vulnerable Software and Affected Versions DataHub affected versions not specified Description The DataHub frontend proxy does not properly construct URLs when forwarding data to the DataHub Metadata Store GMS, allowing external users to reroute requests to arbitrary hosts. This enable...

9.1CVSS8.8AI score0.00684EPSS
Exploits0References4
osv
osv
added 2022/11/17 10:15 p.m.6 views

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...

5.3CVSS5.9AI score0.00609EPSS
Exploits0References1
nvd
nvd
added 2022/11/17 10:15 p.m.15 views

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...

7.5CVSS0.00609EPSS
Exploits0References1
osv
osv
added 2022/05/26 12:1 a.m.34 views

GHSA-CJR4-FV6C-F3MV HashiCorp go-getter unsafe downloads could lead to arbitrary host access

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws...

8.6CVSS9.4AI score0.03054EPSS
Exploits0References11
github
github
added 2022/05/26 12:1 a.m.42 views

HashiCorp go-getter unsafe downloads could lead to arbitrary host access

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws...

8.6CVSS9.4AI score0.01279EPSS
Exploits0References11Affected Software4
osv
osv
added 2022/05/25 12:15 p.m.1 views

DEBIAN-CVE-2022-30321

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0...

8.6CVSS7.1AI score0.03054EPSS
Exploits0References1
prion
prion
added 2022/05/25 12:15 p.m.34 views

Path traversal

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0...

7.5CVSS9.3AI score0.03054EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder