Lucene search
K

34 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.13 views

VulnCheck KEV: CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS7.2AI score0.50038EPSS
Exploits1References1
Prion
Prion
added 2023/08/24 11:15 p.m.21 views

Cross site scripting

Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

5.8CVSS6.7AI score0.00846EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/08/24 10:56 p.m.24 views

CVE-2023-40030 Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

6.1CVSS6.9AI score0.00846EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/06/03 2:13 a.m.6 views

SUSE CVE-2023-29538

Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

4.3CVSS8.5AI score0.00397EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.3 views

CVE-2023-29538

Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

4.3CVSS6.3AI score0.00397EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.7 views

plugin: Mercurial SCM plugin can check out from the controller file system

A flaw was found in the Jenkins plugin. Affected versions of the Jenkins Mercurial Plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system. This is accomplished by using local paths as SCM URLs, obtaining limited...

7.5CVSS5.8AI score0.01295EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.3 views

PT-2022-25745 · Buildah +1 · Buildah +1

Name of the Vulnerable Software and Affected Versions: Buildah affected versions not specified Description: A flaw was found in Buildah, where incorrect absolute path traversal may disclose the local path and the lowest subdirectory, resulting in an impact to confidentiality. Recommendations: At...

3.3CVSS6.3AI score0.00238EPSS
Exploits0References20
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.5 views

Buildah 路径遍历漏洞

Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...

3.3CVSS6.2AI score0.00238EPSS
Exploits0References3
NVD
NVD
added 2022/05/17 3:15 p.m.29 views

CVE-2022-30948

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

7.5CVSS0.01295EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/05/17 2:6 p.m.60 views

CVE-2022-30947

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

7.5CVSS3.4AI score0.01191EPSS
Exploits0References2
CNVD
CNVD
added 2018/11/21 12:0 a.m.2 views

Ricoh myPrint Information Disclosure Vulnerability

Ricoh myPrint is a mobile printing application from Ricoh Japan. A security vulnerability exists in Ricoh myPrint version 2.9.2.4 for Windows-based platforms and myPrint version 2.2.7 for Android-based platforms, which stems from the program's use of hard-coded credentials. The vulnerability can ...

9.8CVSS9.4AI score0.21492EPSS
Exploits3References1
0day.today
0day.today
added 2018/09/27 12:0 a.m.92 views

Citrix StorageZones Controller Improper Access Restrictions / Traversal Exploit

Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities. ======================================================================= title: Multiple Vulnerabilities product: Citrix StorageZones Controller...

0.5AI score0.01105EPSS
Exploits2
Hacker One
Hacker One
added 2018/03/06 5:55 a.m.22 views

Mail.ru: Local paths disclosure through error message

bonus.mail.ru disclosed trace information with absolute paths via 5xx error messages bonus.mail.ru is not covered by bug bounty scope...

2.1AI score
Exploits0
securityvulns
securityvulns
added 2003/05/21 12:0 a.m.71 views

PHP-Nuke module PHP-Banner-Exchange path disclosure

------- Product: PHP-Nuke Vendor: F.Burzi Module: PHP-Banner Exchange Version: 1.2 ------- Accessing directly to the PHP Banner Exchange module and without a specified file : http://target/modules/phpbannerexchange/ phpbannerexchange module directory you get this: Warning: mainmainfile.php...

0.3AI score
Exploits0
Rows per page
Query Builder