Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.7 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 9:8 p.m.2 views

CVE-2026-31817 OliveTin has unsafe parsing of UniqueTrackingId can be used to write files

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...

8.5CVSS6AI score0.00712EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/17 6:2 p.m.12 views

CVE-2025-33225

NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tamperi...

8.4CVSS7.1AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

NVIDIA Resiliency Extension 安全漏洞

NVIDIA Resiliency Extension is a Python package from NVIDIA. A security vulnerability exists in NVIDIA Resiliency Extension that originates from predictable log file names in log aggregation and could lead to elevation of privilege, code execution, denial of service, information disclosure, and...

8.4CVSS6.6AI score0.00258EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/02 9:15 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.4AI score0.00541EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/02 9:15 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.4AI score0.00541EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/02 9:15 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.4AI score0.00541EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/02 9:15 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.6AI score0.00541EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/02 9:15 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.4AI score0.00541EPSS
Exploits1References2
OSV
OSV
added 2025/10/02 11:15 a.m.2 views

DEBIAN-CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

6.5CVSS5.6AI score0.00541EPSS
Exploits1References1
OSV
OSV
added 2025/10/02 11:15 a.m.2 views

UBUNTU-CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

7.1CVSS6AI score0.00541EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.5 views

SUSE CVE-2011-1018

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server...

10CVSS7.7AI score0.18321EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.5 views

WordPress plugin Easy Digital Downloads 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Digital Downloads plugin is vulnerable to a cross-site scripting vulnerability that stems from...

4.8CVSS5.6AI score0.0065EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2014/03/12 11:28 a.m.8 views

Agent.btz Malware May Have Served as Starting Point for Red October, Turla

Researchers looking into the recently uncovered Turla, or Snake, cyber espionage campaign have discovered some similarities connecting it to older pieces of malware such as Agent.btz, the worm that several years ago infected U.S. military networks and eventually caused the Department of Defense t...

7AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2011/03/07 8:58 p.m.5 views

logwatch: Privilege escalation due improper sanitization of special characters in log file names

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server...

10CVSS6.1AI score0.18321EPSS
Exploits0References4
Rows per page
Query Builder