78 matches found
CVE-2025-55013
The CVE-2025-55013 issue affects Assemblyline 4 Service Client. The task_handler.py component accepts a SHA-256 value from the server and uses it directly as a local filename, enabling a path traversal when the server (or a MITM) returns a payload like ../../../etc/cron.d/evil. This can cause the...
CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client task_handler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...
Assemblyline 4 Service Client Security Vulnerability
Assemblyline 4 Service Client is a Canadian Centre for Cyber Security open source service client for publishing service results in Assemblyline 4. A security vulnerability exists in Assemblyline 4 Service Client versions prior to 4.6.1.dev138, which stems from the direct use of SHA-256 values...
Arbitrary File Write
assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...
Relative Path Traversal
Overview: assemblyline-service-client is an Assemblyline 4 service client. Affected versions of this package are vulnerable to Relative Path Traversal via the download_file function in task_handler.py. An attacker can overwrite arbitrary files, corrupt system files, or potentially execute code ...
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Path-Traversal - Arbitrary File Write in Assemblyline Service Client. IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...
GHSA-75JV-VFXF-3865 Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Path-Traversal - Arbitrary File Write in Assemblyline Service Client. IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...
PT-2025-31837 · Pypi · Assemblyline-Service-Client
Path-Traversal - Arbitrary File Write in Assemblyline Service Client. IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...
PT-2025-32425 · Unknown · Assemblyline
Name of the Vulnerable Software and Affected Versions: Assemblyline versions prior to 4.6.1.dev138. Description: The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. The client accepts a SHA-256 value returned by the servi...
CVE-2025-53891
The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files (instruction/message media) are not strictly validated for type and size. A user may upload renamed or oversized files that can...
CVE-2025-48367
Summary of CVE-2025-48367 (Redis) : An unauthenticated connection can trigger repeated IP protocol errors in Redis, leading to client starvation and a denial of service. The advisory notes fixes in Redis releases: 8.0.3, 7.4.5, 7.2.10, and 6.2.19. Public sources in the connected documents confirm...
CVE-2025-49178 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
Malicious code in @metrics-service/mf-client (npm)
Source: ghsa-malware 4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for 389-ds
This update for 389-ds fixes the following issues: Persist extracted key path for ldapssl_client_init over repeat invocations (bsc#1230852). Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462). Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path. Update dsidm to...
Linux Kernel Buffer Error Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds memory access due to the RDMA/rtrs-clt module's cid not being set correctly when cleaning u...
MAL-2024-8850 Malicious code in azure-iothub-service-client (npm)
Source: ossf-package-analysis 39be68a1794d85382ecb02d31e4d56c310788c3eb8f0f552d464410ec90138a5. The OpenSSF Package Analysis project identified 'azure-iothub-service-client' @ 0.0.2 npm as malicious. It is considered malicious because: - Th...
Cato Networks Windows SDP Client Code Issue Vulnerability
Cato Networks Windows SDP Client is a secure remote access software from Cato Networks, Israel. A code issue vulnerability exists in Cato Networks Windows SDP Client versions prior to 5.10.34, which stems from the ability to implement a local elevation of privilege via an openssl configuration fi...
MAL-2025-4699 Malicious code in cugraph-service-client (PyPI)
Source: kam193 0246f55913ed7c36615843f23e434366bb7e1491332d526c91700a891ee8fde7. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...