3349 matches found
DEBIAN-CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11...
CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11...
Design/Logic Flaw
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11...
CVE-2023-32213
CVE-2023-32213 affects Mozilla Firefox and Thunderbird. The flaw arises when reading a file, where an uninitialized value could be used as the read limit. Affected versions are Firefox <113, Firefox ESR <102.11, and Thunderbird
Design/Logic Flaw
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, the Vite server option server.fs.deny can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root path of the application, including the default fs.deny...
CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, the Vite server option server.fs.deny can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root path of the application, including the default fs.deny...
Kramer VIA GO² Security Vulnerability
The Kramer VIA GO² is a 4K wireless presentation device from Kramer. A security vulnerability exists in Kramer VIA GO² versions prior to 4.0.1.1326, which stems from susceptibility to unauthenticated arbitrary file reading...
CVE-2021-27825
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL...
CVE-2023-2825
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...
GitLab CE/EE Path Traversal Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
Jsfinder - Fetches JavaScript Files Quickly And Comprehensively
jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file e.g., src, href, data-main, etc. and extracts the URLs of the files to a text file. The tool is designed to ...
Oracle Linux 9 : firefox (ELSA-2023-3143)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3143 advisory. 102.11.0-2.0.1 - Updated homepages to use https Orabug: 34648274 102.11.0-2 - Update to 102.11.0 build2 102.11.0-1 - Update to 102.11.0 build1 Tenable...
AlmaLinux 9 : firefox (ALSA-2023:3143)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3143 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofin...
Path traversal
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...
PT-2023-3389 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified). Description: The issue is related to multiple authenticated path traversal vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These...
Denial Of Service (DoS)
libtiff.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to a buffer overflow when reading a file with multiple IFDs, which causes memory corruption resulting in an application crash...
PT-2023-18344 · WordPress · Kiwiz Invoices Certification & Pdf System
Name of the Vulnerable Software and Affected Versions: KIWIZ Invoices Certification & PDF System WordPress plugin versions 2.1.3 and earlier. Description: The issue allows an unauthenticated attacker to read or download arbitrary files, as well as perform PHAR unserialization if they can upload a...
SUSE CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11...
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...