8788 matches found

Prion
added 2023/08/30 10:15 p.m. · 11 views

Design/Logic Flaw

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

4.4 CVSS · 7.4 AI score · 0.00321 EPSS
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2023/08/30 12:0 a.m. · 13 views

CVE-2023-39137

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.5 AI score · 0.00321 EPSS
Exploits 1 · References 4

CNNVD
added 2023/08/30 12:0 a.m. · 2 views

Archive security vulnerability

Archive is a Dart library for encoding and decoding various archive and compression formats such as Zip, Tar, GZip, ZLib and BZip2. A security vulnerability exists in Archive version v3.3.7, which originates from a vulnerability that allows an attacker to spoof zip filenames, resulting in...

7.8 CVSS · 7.4 AI score · 0.00321 EPSS
Exploits 1 · References 5

Cvelist
added 2023/08/30 12:0 a.m. · 18 views

CVE-2023-39137

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.7 AI score · 0.00321 EPSS
Exploits 1 · References 4

CVE
added 2023/08/30 12:0 a.m. · 55 views

CVE-2023-39137

Archive v3.3.7 contains a vulnerability that allows attackers to spoof ZIP filenames, resulting in inconsistent filename parsing. The CVE entry CVE-2023-39137 is mapped to this issue; the core detail across connected sources is that the vulnerability arises in Archive v3.3.7 and affects parsing o...

7.8 CVSS · 7.4 AI score · 0.00321 EPSS
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2023/08/29 4:41 a.m. · 18 views

Denial Of Service (DoS)

libgerbv.so is vulnerable to Denial of Service (DoS) attacks. The vulnerability is caused by an out-of-bounds memory violation due to the way Gerber RS-274X filenames are parsed. The overflow occurs because the filename variable is not properly freed, which can cause the variable to overflow the...

5.5 CVSS · 7.1 AI score · 0.00308 EPSS
Exploits 1 · References 6 · Affected Software 2

Positive Technologies
added 2023/08/25 12:0 a.m. · 3 views

PT-2023-8890 · Ray · Ray

Name of the Vulnerable Software and Affected Versions: Ray (affected versions not specified). Description: The issue is related to incorrect restriction of a directory path with limited access in the Ray framework for scaling AI and Python applications. This can be exploited by a remote attacker to...

9.8 CVSS · 7.4 AI score · 0.81512 EPSS
Exploits 22 · References 17

Positive Technologies
added 2023/08/24 12:0 a.m. · 3 views

PT-2023-27491 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this issue, the...

6.5 CVSS · 6.7 AI score · 0.02733 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2023/08/23 7:15 a.m. · 1 view

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

7.5 CVSS · 5.8 AI score · 0.02187 EPSS
Exploits 0 · References 8

OSV
added 2023/08/23 7:15 a.m. · 2 views

DEBIAN-CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

7.5 CVSS · 8.2 AI score · 0.02187 EPSS
Exploits 0 · References 1

OSV
added 2023/08/23 7:15 a.m. · 1 view

UBUNTU-CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

7.5 CVSS · 7.2 AI score · 0.02187 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/08/23 12:0 a.m. · 1 view

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

5.5 AI score · 0.02187 EPSS
Exploits 0 · References 6

CNNVD
added 2023/08/09 12:0 a.m. · 1 view

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that originates in the implementation of the exFAT driver's filename rebuild function, where filename characters are copied to a stack variable, which...

6.7 CVSS · 6.6 AI score · 0.00664 EPSS
Exploits 1 · References 19

RedHat Linux
added 2023/08/07 8:46 a.m. · 3 views

thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

7.5 CVSS · 7.3 AI score · 0.00556 EPSS
Exploits 0 · References 6

RedHat Linux
added 2023/08/07 8:26 a.m. · 6 views

thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

7.5 CVSS · 7.3 AI score · 0.00556 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/08/01 12:0 a.m. · 2 views

PT-2023-26560 · Unknown · Cypress-Image-Snapshot

Name of the Vulnerable Software and Affected Versions: cypress-image-snapshot versions prior to 8.0.2. Description: The issue allows a user to pass a relative file path for the snapshot name, potentially reaching outside of the project directory into the machine running the test. This can be...

6.5 CVSS · 6.3 AI score · 0.00795 EPSS
Exploits 1 · References 8

GithubExploit
added 2023/07/31 5:25 a.m. · 372 views

Exploit for CVE-2023-38646

Poc-Metabase-Preauth-CVE-2023-38646 How to use? λ cve git...

9.8 CVSS · 9.6 AI score · 0.97924 EPSS
Exploits 36

Veracode
added 2023/07/27 5:3 p.m. · 34 views

Improper Filename Validation

Thunderbird is vulnerable to Improper Filename Validation. The vulnerability is due to a lack of preventing text direction override Unicode characters in filename attachments. This can allow an attacker to attach an executable file, without the extension displayed as such...

7.5 CVSS · 6.7 AI score · 0.00556 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2023/07/25 8:15 p.m. · 2 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

9.8 CVSS · 5.8 AI score · 0.00683 EPSS
Exploits 0 · References 2

Prion
added 2023/07/25 8:15 p.m. · 20 views

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

7.5 CVSS · 9.4 AI score · 0.00683 EPSS
Exploits 0 · References 2 · Affected Software 2