122 matches found

OSV
added 2021/08/14 2:00 p.m. | 6 views

MGASA-2021-0401 Updated dino packages fix security vulnerability

Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators CVE-2021-33896...

CVSS 5.3 | AI score 5.3 | EPSS 0.01766
Exploits 0 | References 4
OSV
added 2021/07/03 11:03 a.m. | 4 views

OESA-2021-1249 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separat...

CVSS 5.3 | AI score 6.5 | EPSS 0.7848
Exploits 2 | References 2
RedhatCVE
added 2021/06/11 5:12 p.m. | 64 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 3.6 | EPSS 0.7848
Exploits 2 | References 3
OSV
added 2021/06/09 2:15 a.m. | 3 views

DEBIAN-CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 6.4 | EPSS 0.7848
Exploits 2 | References 1
UbuntuCve
added 2021/06/09 2:15 a.m. | 39 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 6.8 | EPSS 0.7848
Exploits 2 | References 2
OSV
added 2021/06/09 2:15 a.m. | 2 views

UBUNTU-CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 6.7 | EPSS 0.7848
Exploits 2 | References 3
Cvelist
added 2021/06/09 1:55 a.m. | 24 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 6.4 | EPSS 0.7848
Exploits 2 | References 24
Debian CVE
added 2021/06/09 1:55 a.m. | 32 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 6.4 | EPSS 0.7848
Exploits 2
ATTACKERKB
added 2021/06/09 12:00 a.m. | 520 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 5.9 | EPSS 0.7848
In wild | Exploits 4 | References 25
CNNVD
added 2021/06/09 12:00 a.m. | 4 views

Eclipse Jetty security vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that originates from accessing protected resources in the WEB-INF directory via a doubly encoded path request to the ConcatServlet. The...

CVSS 5.3 | AI score 7.3 | EPSS 0.7848
Exploits 2 | References 54
NVD
added 2021/06/07 7:15 p.m. | 21 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

CVSS 5.3 | EPSS 0.01766
Exploits 0 | References 5
Cvelist
added 2021/06/07 6:12 p.m. | 20 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

AI score 5.5 | EPSS 0.01766
Exploits 0 | References 5
AlpineLinux
added 2021/06/07 6:12 p.m. | 46 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

CVSS 5.3 | AI score 5.3 | EPSS 0.01766
Exploits 0
CNVD
added 2020/11/10 12:00 a.m. | 2 views

Keycloak Path Traversal Vulnerability

Keycloak is an open source identity and access management solution for modern applications and services. A path traversal vulnerability exists in keycloak. The vulnerability stems from a resource endpoint converting a URL path to a file path. An attacker can exploit this vulnerability by using...

CVSS 7.5 | AI score 6.9 | EPSS 0.0136
Exploits 0 | References 1
NVD
added 2020/11/09 5:15 p.m. | 23 views

CVE-2020-14366

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw...

CVSS 7.5 | AI score 6.7 | EPSS 0.0136
Exploits 0 | References 1
OSV
added 2019/08/15 12:00 a.m. | 5 views

UBUNTU-CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

CVSS 9.8 | AI score 7.2 | EPSS 0.01932
Exploits 0 | References 6
Prion
added 2018/12/20 3:29 p.m. | 14 views

Directory traversal

Square Retrofit versions from 2.0 (inclusive) up to 2.5.0 (exclusive) contain a Directory Traversal vulnerability in the RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack...

CVSS 6.4 | AI score 7.5 | EPSS 0.04033
Exploits 1 | References 7 | Affected Software 1
OSV
added 2017/02/28 6:59 p.m. | 5 views

UBUNTU-CVE-2017-5982

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...

CVSS 7.5 | AI score 7.2 | EPSS 0.7763
Exploits 5 | References 4
RedHat Linux
added 2015/07/20 2:00 p.m. | 5 views

python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs

It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...

CVSS 9.8 | AI score 7 | EPSS 0.24148
Exploits 5 | References 4
Mageia
added 2014/07/08 10:35 p.m. | 60 views

Updated python & python3 packages fix two vulnerabilities

Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...

CVSS 9.8 | AI score 7.1 | EPSS 0.24148
Exploits 6 | References 4