Mozilla: Arbitrary file read from GTK drag and drop on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

Mozilla: Arbitrary file read from GTK drag and drop on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

CVE-2023-23598

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

CVE-2023-23598

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

PT-2022-23165 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 21.0.0-beta.1 Electron versions prior to 20.0.1 Electron versions prior to 19.0.11 Electron versions prior to 18.3.7 Description: The Electron framework is vulnerable to Exposure of Sensitive Information. When...

CVE-2022-36077 Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect

The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecti...

Opencast < 10.6 Unauthorized File Access Vulnerability

Opencast is prone to a unauthorized file access vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

PT-2022-20403 · Jenkins · Jenkins Repo Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins REPO Plugin versions 1.14.0 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enables...

StaticFile.fromUrl can leak presence of a directory

Impact StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a directory, without first checking the...

GHSA-6H7W-FC84-X7P6 StaticFile.fromUrl can leak presence of a directory

Impact StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a directory, without first checking the...

Privilege Escalation

webkitgtk4 is vulnerable to privilege escalation. The vulnerability exists through the lack of restrictions that allows a logic issue when processing file URLs...

CVE-2018-9159

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)

OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because pngimagefreefunction...

CVE-2018-16081

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension...

CVE-2018-16081

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension...

GHSA-76QR-MMH8-CP8F Moderate severity vulnerability that affects com.sparkjava:spark-core

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

Moderate severity vulnerability that affects com.sparkjava:spark-core

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

Design/Logic Flaw

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502)

Summary A problem within the libcurl library means certain file URLs could cause a buffer overwrite within IBM MQ. Vulnerability Details CVEID: CVE-2017-9502 DESCRIPTION: libcurl is vulnerable to a heap-based buffer overflow, caused by a flaw in the file protocol. By sending a specially-crafted...