Lucene search
K

238 matches found

OSV
OSV
added 2021/06/08 6:47 p.m.10 views

GHSA-JXCC-G75X-QGW9 Calipso Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3CVSS7.1AI score0.00433EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/06/08 6:47 p.m.38 views

Calipso Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3CVSS6.8AI score0.00433EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/06/08 4:12 a.m.25 views

Arbitrary File Write

calipso is vulnerable to arbitrary file write. A malicious module can overwrite files on an arbitrary file system through the module install functionality...

7.5CVSS2.9AI score0.00677EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/06/07 9:15 p.m.5 views

CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.1CVSS5.9AI score0.00433EPSS
Exploits1References2
NVD
NVD
added 2021/06/07 9:15 p.m.17 views

CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3CVSS0.00433EPSS
Exploits1References2
Prion
Prion
added 2021/06/07 9:15 p.m.13 views

Design/Logic Flaw

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

3.6CVSS6.9AI score0.00433EPSS
Exploits1References2
CVE
CVE
added 2021/06/07 8:40 p.m.63 views

CVE-2021-23391

CVE-2021-23391 affects all versions of the NodeJS CMS calipso . The vulnerability is an Arbitrary File Write via Archive Extraction (Zip Slip) , exploitable through the module install functionality to overwrite files on the target filesystem. Root cause appears to be unsafe archive extraction all...

7.3CVSS7AI score0.00433EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/06/07 8:40 p.m.18 views

CVE-2021-23391 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3CVSS7.4AI score0.00433EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/06/07 8:37 p.m.2 views

CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3CVSS5.5AI score0.00433EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.6 views

calipso 所有 路径遍历漏洞

Calipso is a simple NodeJS content management system. Built on themes similar to Drupal and Wordpress, it is designed to be fast, flexible and simple. calipso has a security vulnerability that can be exploited by an attacker to overwrite files on any file system...

7.3CVSS5.6AI score0.00433EPSS
Exploits1References2
Snyk
Snyk
added 2021/06/06 10:36 p.m.4 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview calipso is a Calipso is a simple NodeJS content management system based on Express, Connect & Mongoose. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. It is possible for a malicious module to overwrite files on an arbitrary file...

7.3CVSS6.9AI score0.00433EPSS
Exploits1References2
Veracode
Veracode
added 2021/06/06 10:38 a.m.44 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c due to the CIPSO and CALIPSO refcounting for the DOI definitions are mishandled, leading to writing of an arbitrary value...

7.8CVSS3.1AI score0.00566EPSS
Exploits1References7Affected Software5
Microsoft CVE
Microsoft CVE
added 2021/05/25 7:0 a.m.1 views

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.

...

7.8CVSS6.8AI score0.00566EPSS
Exploits1
CNVD
CNVD
added 2021/05/17 12:0 a.m.10 views

Linux kernel resource management error vulnerability (CNVD-2021-37734)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A resource management error vulnerability exists in cipsov4genopt in net/ipv4/cipsoipv4.c in Linux kernel versions...

7.8CVSS6.5AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2021/05/14 11:15 p.m.6 views

AZL-6561 CVE-2021-33033 affecting package kernel for versions less than 5.10.78.1-1

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

7.8CVSS6.7AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2021/05/14 11:15 p.m.3 views

UBUNTU-CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

7.8CVSS6.8AI score0.00566EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2021/05/14 11:15 p.m.74 views

CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value...

7.8CVSS6.7AI score0.00566EPSS
Exploits1References10
xssed
xssed
added 2008/04/26 12:0 a.m.11 views

Unfixed XSS vulnerability at www.calipso.com.co

Security researcher KrepTOr, has submitted on 26/04/2008 a cross-site-scripting XSS vulnerability affecting www.calipso.com.co, which at the time of submission ranked 2811340 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/05/2008. It is...

6.6AI score
Exploits0References1
Rows per page
Query Builder