14 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the shares feature when a single file is shared inside a folder and either the FTP or SFTP server is enabled and publicly accessible. An attacker can gain unauthorized read access to other files within the sam...
PYSEC-2026-32
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
PYSEC-2026-31
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
CVE-2026-32108
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2026-32109
Copyparty (portable file server) contains a vulnerability where an attacker with both read and write permissions can upload a file named .prologue.html and craft a link to potentially execute arbitrary JavaScript in a victim’s context. The attack requires the target to click the crafted link; nor...
CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
Copyparty 安全漏洞
Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to 1.20.12 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks in the sharing function, which could allow users to access other files within...
PT-2026-24824
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
MiracleLinux 9 : golang-1.20.12-1.el9_3 (AXSA:2024-7583:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7583:01 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when...
golang security update
1.20.12-4 - Rebuild for z-stream - Related: RHEL-28939 1.20.12-3 - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests RHELBLD-14822...
Golang 1.20.x < 1.20.12, 1.21.x < 1.21.5 Multiple Vulnerabilities
The version of Golang running on the remote host is prior to 1.20.12 or 1.21.x prior to 1.21.5. It is, therefore, is affected by multiple vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from t...
CVE-2013-4419
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitra...