973 matches found
AZL-35428 CVE-2024-20328 affecting package clamav for versions less than 0.105.2-5
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync [CVE-2022-29154]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync, caused by improper validation of file names CVE-2022-29154. Rsync is used as a component of our Speech runtimes. This vulnerabilitiy has been addressed. Please read th...
diffoscope security vulnerability
diffoscope is diffoscope open source a tool for checking the similarities and differences of files or directories. A security vulnerability exists in versions prior to diffoscope 256 that stems from allowing directory traversal via file names embedded in GPG files...
Improper Access Control
TYPO3 is vulnerable to Improper Access Control. The vulnerability is caused because attackers can reference files in the fallback storage directly, exposing their file names and contents. This could lead to unauthorized disclosure of sensitive information...
SUSE CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
SUSE CVE-2024-0775
A use-after-free flaw was found in the ext4remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free...
DEBIAN-CVE-2024-0775
A use-after-free flaw was found in the ext4remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free...
UBUNTU-CVE-2024-0775
A use-after-free flaw was found in the ext4remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free...
DEBIAN-CVE-2024-23659
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...
UBUNTU-CVE-2024-23659
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...
SPIP Security Vulnerabilities
SPIP is a freeware program from SPIP for creating Internet sites. A security vulnerability exists in SPIP versions prior to 4.1.14, 4.2.x through 4.2.8. An attacker could exploit the vulnerability to perform a cross-site scripting attack via the name of an uploaded file...
Low: curl
Issue Overview: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 Affected Packages: curl Issue Correction: Run dnf update curl --releasev...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that file...
FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e2fb85ce-9a3c-11ee-af26-001b217b3468 advisory. - Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's...
CVE-2022-47375
A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...
CVE-2022-47375
A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...
Buffer overflow
A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...