7273 matches found

Cvelist
added 2024/01/25 3:30 p.m. | 19 views

CVE-2023-52076 Remote Code Execution Vulnerability in Atril's EPUB ebook parsing

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVSS 8.5 | AI score 8.7 | EPSS 0.01016
Exploits 2 | References 4

OSV
added 2024/01/25 3:30 p.m. | 21 views

CVE-2023-52076 Remote Code Execution Vulnerability in Atril's EPUB ebook parsing

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVSS 8.5 | AI score 7.9 | EPSS 0.01016
Exploits 2 | References 6

CVE
added 2024/01/25 3:30 p.m. | 64 views

CVE-2023-52076

Atril Document Viewer (MATE) is vulnerable to a path traversal and arbitrary file write flaw in versions preceding 1.26.2, allowing writing arbitrary files to locations accessible by the user opening a crafted document. The vulnerability originates from Atril’s EPUB/document parsing flow and, per...

CVSS 8.5 | AI score 7.7 | EPSS 0.01016
In wild | Exploits 2 | References 4 | Affected Software 1

Veracode
added 2024/01/25 5:29 a.m. | 15 views

Path Traversal

Whoogle Search is vulnerable to Path Traversal. The vulnerability is caused due to a lack of validation for the name variable in the config function within app/routes.py. This allows an attacker to perform a limited file write, overwriting existing files or creating new ones...

CVSS 5.3 | AI score 6.8 | EPSS 0.00751
Exploits 1 | References 6 | Affected Software 1

Positive Technologies
added 2024/01/25 12:0 a.m. | 9 views

PT-2024-1286

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.0 through 16.5.7; GitLab versions 16.6 through 16.6.5; GitLab versions 16.7 through 16.7.3; GitLab versions 16.8 through 16.8.0. Description: The issue is related to an incorrect restriction of the path name to a directory with...

CVSS 9.9 | AI score 7.5 | EPSS 0.03302
Exploits 0 | References 80

Tenable Nessus
added 2024/01/25 12:0 a.m. | 40 views

GitLab 16.0 < 16.5.8 / 16.6 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0402)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to...

CVSS 9.9 | AI score 8.6 | EPSS 0.03302
Exploits 0 | References 4

FreeBSD
added 2024/01/25 12:0 a.m. | 53 views

Gitlab -- vulnerabilities

Gitlab reports:
- Arbitrary file write while creating workspace
- ReDoS in Cargo.toml blob viewer
- Arbitrary API PUT requests via HTML injection in user's name
- Disclosure of the public email in Tags RSS Feed
- Non-Member can update MR Assignees of owned MRs...

CVSS 9.9 | AI score 7.1 | EPSS 0.04392
Exploits 3 | References 1

Tenable Nessus
added 2024/01/24 12:0 a.m. | 37 views

RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory. - xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow...

CVSS 8.8 | AI score 6.8 | EPSS 0.08689
Exploits 2 | References 15

NVD
added 2024/01/23 6:15 p.m. | 30 views

CVE-2024-22204

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5.3 | AI score 5.3 | EPSS 0.00751
Exploits 1 | References 6

Prion
added 2024/01/23 6:15 p.m. | 22 views

Design/Logic Flaw

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5 | AI score 7.2 | EPSS 0.00751
Exploits 1 | References 6 | Affected Software 1

PyPA
added 2024/01/23 6:15 p.m. | 6 views

PYSEC-2024-23

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5.3 | AI score 6.9 | EPSS 0.00751
Exploits 1 | References 8 | Affected Software 1

OSV
added 2024/01/23 6:15 p.m. | 38 views

PYSEC-2024-23

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5.3 | AI score 7.2 | EPSS 0.00751
Exploits 1 | References 8

CVE
added 2024/01/23 5:20 p.m. | 60 views

CVE-2024-22204

CVE-2024-22204 affects Whoogle Search (self-hosted metasearch engine). The issue arises in version 0.8.3 and earlier where config handling in app/routes.py does not validate user-controllable name and config_data, enabling path traversal via os.path.join and later pickle.dump of config data. The ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00751
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2024/01/23 5:20 p.m. | 31 views

CVE-2024-22204 Whoogle Search Limited File Write vulnerability

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5.3 | AI score 5.5 | EPSS 0.00751
Exploits 1 | References 6

OSV
added 2024/01/23 5:20 p.m. | 197 views

CVE-2024-22204 Whoogle Search Limited File Write vulnerability

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5.3 | AI score 5.4 | EPSS 0.00751
Exploits 1 | References 8

VulnCheck KEV
added 2024/01/21 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

CVSS 10 | AI score 7.4 | EPSS 0.25955
Exploits 1 | References 1

OSV
added 2024/01/19 4:15 a.m. | 6 views

CVE-2023-5716

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission...

CVSS 9.8 | AI score 5.9 | EPSS 0.00634
Exploits 0 | References 1

Vulnrichment
added 2024/01/19 3:7 a.m. | 5 views

CVE-2023-5716 ASUS Armoury Crate - Arbitrary File Write

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission...

CVSS 9.8 | AI score 7.4 | EPSS 0.00634
Exploits 0 | References 1

Cvelist
added 2024/01/19 3:7 a.m. | 27 views

CVE-2023-5716 ASUS Armoury Crate - Arbitrary File Write

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission...

CVSS 9.8 | AI score 9.6 | EPSS 0.00634
Exploits 0 | References 1

CVE
added 2024/01/19 3:7 a.m. | 55 views

CVE-2023-5716

CVE-2023-5716 concerns ASUS Armoury Crate with a high-severity arbitrary file write vulnerability. Public records describe that remote attackers can access or modify arbitrary files by sending specific HTTP requests without permission. The NVD entry lists CVSS 3.1 base metrics: AV:N/AC:L/PR:N/UI:...

CVSS 9.8 | AI score 9.3 | EPSS 0.00634
Exploits 0 | References 1 | Affected Software 1