15 matches found
EUVD-2025-3073
Malicious code in bioql PyPI...
EUVD-2025-3072
Malicious code in bioql PyPI...
CVE-2025-23012
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
CVE-2025-23011
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...
CVE-2025-23012
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
CVE-2025-23011
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...
CVE-2025-23012 Fedora Repository fedoraIntCallUser default credentials
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
CVE-2025-23012
CVE-2025-23012 affects Fedora Repository 3.8.x, where a service account named fedoraIntCallUser ships with default credentials and privileges that allow reading local files by manipulating datastreams. The issue is tied to legacy 3.8.x releases (3.8.1 dated 2015-06-11) which are no longer maintai...
CVE-2025-23012 Fedora Repository fedoraIntCallUser default credentials
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
CVE-2025-23011 Fedora Repository archive extraction path traversal
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...
CVE-2025-23011 Fedora Repository archive extraction path traversal
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...
CVE-2025-23011
CVE-2025-23011 refers to a path traversal vulnerability in Fedora Repository 3.8.1 (Zip Slip). A remote, authenticated attacker can upload a specially crafted archive that results in extracting an arbitrary JSP file to a location that can be executed via an unauthenticated GET request. This versi...
PT-2025-4765 · Unknown · Fedora Repository
Name of the Vulnerable Software and Affected Versions: Fedora Repository versions 3.8.x Description: The issue concerns a service account named fedoraIntCallUser with default credentials and privileges that allow reading local files by manipulating datastreams. It is recommended to migrate to a...
Fedora Repository fedoraIntCallUser default credentials and insecure archive extraction
RISK EVALUATION Fedora Repository 3.8 includes default user credentials and allows path traversal when extracting uploaded archive files. An attacker can exploit these vulnerabilities to read sensitive data and execute arbitrary commands with the privileges of the Java web application server...
PT-2025-4764 · Fedora · Fedora Repository
Name of the Vulnerable Software and Affected Versions: Fedora Repository version 3.8.1 Description: The issue allows path traversal when extracting uploaded archives, also known as "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary J...