67 matches found
RockyLinux 9 : bubblewrap and flatpak (RLSA-2024:9449)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9449 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly from t...
VMware Spring Framework 安全漏洞
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework. An attacker can exploit the vulnerability to read files outside of the servi...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
QEMU Resource Management Error Vulnerability (CNVD-2024-31523)
QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. A resource management error vulnerability exists in QEMU. The vulnerability stems from the presence of uncontrolled resource consumption by the application, which can be exploited by an attacke...
The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules, Modicon M340 BMXNOE0100, Modicon M340 BMXNOE0110, stems from the use of files and directories accessible to external parties. This allows attackers to disrupt the device’s firmware updates and cause improper operation of the web server.
The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340, as well as its network modules Modicon M340 BMXNOE0100 and Modicon M340 BMXNOE0110, stems from the use of files and directories accessible to external parties. Exploiting this...
Backstage Security Vulnerabilities
Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...
CVE-2023-4550
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. Thi...
jupyterlab-lsp Security Vulnerabilities
jupyterlab-lsp is a tool that provides coding help for JupyterLab using the Language Server protocol. A security vulnerability exists in jupyterlab-lsp 2.2.1 and earlier versions, which stems from a lack of authentication of the jupyter-lsp server extension endpoint, allowing an attacker to acces...
The vulnerability of the Apache Struts software platform, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.
The vulnerability of the Apache Struts software platform is related to the use of files and directories accessible from external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of NVIDIA Virtual GPU driver relates to the use of files and directories accessible from external parties. This allows attackers to gain unauthorized access to protected information, enhance their privileges, execute arbitrary code, or cause service interruptions.
The vulnerability of NVIDIA Virtual GPU driver relates to the use of files and directories accessible from external parties. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, enhance their privileges, execute arbitrary code, or cause service...
The vulnerability of the CMPapp component in CODESYS software products allows a hacker to load arbitrary files into the system.
The vulnerability of the CMPapp component in CODESYS software products is related to the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor to upload arbitrary files into the system remotely...
Mlflow 安全漏洞
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.3.1. An attacker exploiting this vulnerability could access files and directories stored outside of the web root folder...
maps-js-icoads 路径遍历漏洞
maps-js-icoads is a spatio-temporal data visualization of ships and buoys by the individual developer Paul R. Saxman. A path traversal vulnerability exists in maps-js-icoads. An attacker exploiting this vulnerability could access files and directories stored outside of the web root folder...
IBM Spectrum Scale 路径遍历漏洞
IBM Spectrum Scale is a suite of scalable data and file management solutions from International Business Machines IBM based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improvin...
UBUNTU-CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
CVE-2022-45184
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...
UBUNTU-CVE-2022-39261
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...
3S-Smart Software Solutions CODESYS V3 web server 安全漏洞
3s-smart Software Solutions 3S-Smart Software Solutions CODESYS V3 web server is a web server from 3S-Smart Software Solutions Germany that is used in the CODESYS product. 3S-Smart Software Solutions CODESYS V3 web server is a web server used by 3S-Smart Software Solutions 3s-smart Software...
The vulnerability of the command-line interface of the programmatically defined Cisco SD-WAN network allows a hacker to re-write any files they desire.
The vulnerability of the command-line interface of the programmatically defined Cisco SD-WAN network relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a attacker to overwrite arbitrary files...