
8787 matches found

SUSE CVE
added 2023/09/20 11:26 p.m. · 1 views

SUSE CVE-2023-43620

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

7.8 CVSS · 7 AI score · 0.00339 EPSS
Exploits: 1 · References: 3

OSV
added 2023/09/20 6:30 a.m. · 14 views

GHSA-364C-VVQX-446C Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device

An issue was discovered in Croc before 9.6.16. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

7.8 CVSS · 7.3 AI score · 0.00339 EPSS
Exploits: 1 · References: 7

Github Security Blog
added 2023/09/20 6:30 a.m. · 27 views

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device

An issue was discovered in Croc before 9.6.16. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

7.8 CVSS · 7.4 AI score · 0.00339 EPSS
Exploits: 1 · References: 7 · Affected Software: 1

ATTACKERKB
added 2023/09/20 6:15 a.m. · 2 views

CVE-2023-43620

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

7.8 CVSS · 5.8 AI score · 0.00339 EPSS
Exploits: 1 · References: 4

NVD
added 2023/09/20 6:15 a.m. · 15 views

CVE-2023-43620

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

7.8 CVSS · 7.5 AI score · 0.00339 EPSS
Exploits: 1 · References: 3

Prion
added 2023/09/20 6:15 a.m. · 15 views

Design/Logic Flaw

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

4.4 CVSS · 7.5 AI score · 0.00339 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Amazon
added 2023/09/20 12:0 a.m. · 25 views

Important: thunderbird

Issue Overview: Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file...

9.8 CVSS · 8.4 AI score · 0.00849 EPSS
Exploits: 0

AlpineLinux
added 2023/09/20 12:0 a.m. · 16 views

CVE-2023-43620

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...

7.8 CVSS · 7 AI score · 0.00339 EPSS
Exploits: 1

Positive Technologies
added 2023/09/19 12:0 a.m. · 3 views

PT-2023-28881 · Croc · Croc

Name of the Vulnerable Software and Affected Versions: Croc versions prior to 9.6.16 Description: An issue was discovered in Croc where a sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. This allows the sender to potentially exploit the...

7.8 CVSS · 6.8 AI score · 0.00339 EPSS
Exploits: 1 · References: 16

OSV
added 2023/09/14 4:16 p.m. · 0 views

GHSA-3GH6-V5V9-6V9J Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5 CVSS · 6.9 AI score · 0.01006 EPSS
Exploits: 1 · References: 8

RedHat Linux
added 2023/09/14 9:51 a.m. · 2 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemoryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3 CVSS · 7.3 AI score · 0.0326 EPSS
Exploits: 0 · References: 5

Huntr
added 2023/09/13 9:58 p.m. · 16 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8 AI score · 0.0073 EPSS
Exploits: 1

GithubExploit
added 2023/09/12 4:1 p.m. · 335 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831-WinRAR-Exploit Proof of concept...

7.8 CVSS · 6.8 AI score · 0.97798 EPSS
Exploits: 49

Tenable Nessus
added 2023/09/07 12:0 a.m. · 27 views

Oracle Linux 7 : qemu (ELSA-2018-4312)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4312 advisory. - usb-mtp: outlaw slashes in filenames Gerd Hoffmann Orabug: 29037012 CVE-2018-16867 - lsi53c895a: check message length value is valid Prasad J Pandit Orabug:...

7.8 CVSS · 6.4 AI score · 0.00566 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. · 24 views

Oracle Linux 7 : qemu (ELSA-2018-4313)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4313 advisory. - usb-mtp: outlaw slashes in filenames Gerd Hoffmann Orabug: 29037012 CVE-2018-16867 - lsi53c895a: check message length value is valid Prasad J Pandit Orabug:...

7.8 CVSS · 6.4 AI score · 0.00566 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. · 24 views

Oracle Linux 7 : libmspack (ELSA-2019-2049)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2049 advisory. 0.5-0.7.alpha - Fixes for CVE-2018-18584 CVE-2018-18585. resolves: rhbz1648384 rhbz1648385 Tenable has extracted the preceding description block direct...

6.5 CVSS · 6.7 AI score · 0.03086 EPSS
Exploits: 1 · References: 3

OSV
added 2023/08/31 12:30 a.m. · 25 views

GHSA-R285-Q736-9V95 Filename spoofing in archive

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.8 CVSS · 7.4 AI score · 0.00321 EPSS
Exploits: 1 · References: 7

GitLab Advisory Database
added 2023/08/31 12:0 a.m. · 3 views

Filename spoofing in archive

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.8 CVSS · 7.1 AI score · 0.00321 EPSS
Exploits: 1 · References: 8 · Affected Software: 1

OSV
added 2023/08/30 10:15 p.m. · 16 views

CVE-2023-39137

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.8 CVSS · 7 AI score
Exploits: 0 · References: 4

Prion
added 2023/08/30 10:15 p.m. · 11 views

Design/Logic Flaw

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

4.4 CVSS · 7.4 AI score · 0.00321 EPSS
Exploits: 1 · References: 4 · Affected Software: 1