Lucene search
K

236 matches found

Debian CVE
Debian CVE
added 2024/07/02 7:51 p.m.15 views

CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

7.5CVSS7.4AI score0.00632EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/07/02 7:51 p.m.18 views

CVE-2022-30636 Limited directory traversal vulnerability on Windows in golang.org/x/crypto

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

7.5AI score0.00632EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/06/27 6:51 a.m.15 views

CVE-2024-22231

Removed by vendor...

5CVSS5.2AI score0.00693EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/06 12:0 a.m.37 views

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests...

7.8CVSS6.4AI score0.01033EPSS
Exploits0References3
Veracode
Veracode
added 2023/09/08 12:24 p.m.30 views

Information Disclosure

Salt masters is vulnerable to Information Disclosure. This vulnerability is due to the cache directory having same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment...

7.8CVSS6.7AI score0.00286EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.29 views

Oracle Linux 7 : kubernetes (ELSA-2019-4716)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4716 advisory. - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache=' Tenable has extracted the preceding description block directly from the Oracle Linux...

5CVSS5.6AI score0.00483EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/09/05 12:30 p.m.34 views

Salt can cause Git Providers to get wrong data

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...

7.8CVSS5.6AI score0.00286EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/09/05 11:15 a.m.29 views

Design/Logic Flaw

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...

3.5CVSS7.5AI score0.00286EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/05 11:15 a.m.22 views

PYSEC-2023-169

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...

7.8CVSS7.2AI score0.00286EPSS
Exploits0References2
PyPA
PyPA
added 2023/09/05 11:15 a.m.6 views

PYSEC-2023-169

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...

7.8CVSS7AI score0.00286EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/05 10:59 a.m.374 views

CVE-2023-20898

CVE-2023-20898 affects SaltStack Salt masters prior to 3005.2 or 3006.2. The issue arises when Git Providers with different environments read from the same cache directory base name, allowing garbage or incorrect data to be read, which can lead to data disclosure, wrongful executions, data corrup...

7.8CVSS5.7AI score0.00286EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.6 views

Nextcloud Talk Path Traversal Vulnerability

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A path traversal vulnerability exists in versions prior to Nextcloud Talk 17.0.0. An attacker exploited the vulnerability to write files outside of their intended cache directory...

7.8CVSS6.6AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.6 views

PT-2023-5309 · Salt +3 · Salt +3

Name of the Vulnerable Software and Affected Versions: Salt masters versions prior to 3005.2 or 3006.2 Description: The issue is related to Git Providers in Salt masters, where they can read from the wrong environment due to the same cache directory base name. This can lead to garbage data or the...

7.8CVSS6AI score0.03332EPSS
Exploits0References153
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.7 views

PT-2023-27173 · Nextcloud · Nextcloud Talk Android

Name of the Vulnerable Software and Affected Versions: Nextcloud Talk Android versions prior to 17.0.0 Description: Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. An unprotected intent in versions prior to 17.0.0 allowed malicious third-party apps...

7.8CVSS6.7AI score0.00328EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-3006

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames...

5CVSS7AI score0.02021EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.6 views

SUSE CVE-2008-6592

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" aka flat and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cachedir parameter containing a %00 encoded null by...

7.5CVSS7AI score0.02903EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0832

pammotd aka the MOTD module in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user...

6.9CVSS6.6AI score0.00941EPSS
Exploits11References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.5 views

SUSE CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

5CVSS7AI score0.02497EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.4 views

SUSE CVE-2017-18209

In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory...

4.3CVSS9.2AI score0.03031EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.4 views

SUSE CVE-2019-11244

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

5CVSS4.7AI score0.00483EPSS
Exploits0References3
Rows per page
Query Builder