4310 matches found
GHSA-884P-74JH-XRG2 Command Injection in tree-kill
Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation Upgra...
Cross-Site Scripting in jqtree
Affected versions of jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data. When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed. Recommendation Update to 1.3.4 or...
CVE-2020-15154
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js...
Cross Site Scripting in baserCMS
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS). Impact: XSS via arbitrary script execution. Attack vector: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...
The vulnerability in the implementation of the XML::Twig Perl module for processing XML documents in a tree-like mode allows an attacker to cause a service failure or gain unauthorized access to protected information.
The vulnerability of the expandexternalents configuration implementation in the Perl module for processing XML documents in a tree-like mode, implemented via XML::Twig, is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow an attack...
SUSE-SU-2020:2269-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. bsc1161883, bsc1174458...
PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features: Standalone application and IDAPython plugin; Supports Windows/Linux/Mac; Rainbow PE ratio map: High-level overview...
CVE-2020-16162
An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates...
PT-2020-14784 · Ripe Ncc · Ripe Ncc Rpki Validator
Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28 Description: An issue was discovered in the X509-based RPKI certificate-tree validation procedure, where missing validation checks on CRL presence or CRL staleness allow remote...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
UBUNTU-CVE-2020-16094
In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...
CVE-2020-16094
In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...
pdfbox: unbounded computation in parser resulting in a denial of service
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
Marked-tree path traversal vulnerability
Marked-tree is a Markdown viewer. A path traversal vulnerability exists in fs.readFile in the index.js file in marked-tree all versions, which stems from the program's failure to clean up paths, and can be exploited by an attacker to gain unauthorized access and overwrite or read arbitrary files...
Directory Traversal
marked-tree is vulnerable to directory traversal. Lack of sanitization of the file path allows an attacker to access arbitrary system files outside of the web root...
CVE-2020-7682
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js...
CVE-2020-7682
CVE-2020-7682 concerns all versions of the npm package marked-tree, with no path sanitization in fs.readFile called from index.js. The connected Snyk entry confirms a Directory Traversal vulnerability that can read arbitrary files outside the web root and provides a PoC demonstrating traversal vi...
TYPO3 9.x < 9.5.6 Information Disclosure
The version of TYPO3 installed on the remote host is 9.x prior to 9.5.6. It is, therefore, affected by information disclosure vulnerabilities in its login & page tree components due to a failure to properly restrict access to sensitive information. An authenticated, remote attacker can exploit...