Lucene search
K

116 matches found

OSV
OSV
added 2023/11/02 11:5 a.m.7 views

OPENSUSE-SU-2023:0345-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Update to version 1.6.4 boo1216429: CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages Fix PHP8 warnings Fix default 'mime.types' path on Windows Managesieve: Fix javascript error when relational or...

6.1CVSS6AI score0.73445EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/03/22 8:33 p.m.13 views

CVE-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...

8.8CVSS8.6AI score0.00981EPSS
Exploits0References4
OSV
OSV
added 2023/02/28 6:15 p.m.10 views

AZL-13738 CVE-2022-41722 affecting package msft-golang for versions less than 1.19.8-1

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...

7.5CVSS6.9AI score0.01678EPSS
Exploits0References1
OSV
OSV
added 2023/02/28 6:15 p.m.7 views

AZL-37449 CVE-2022-41722 affecting package golang for versions less than 1.21.6-1

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...

7.5CVSS6.9AI score0.01678EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-5443

A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants...

7.8CVSS6.2AI score0.00717EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.2 views

SUSE CVE-2021-22004

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

6.4CVSS9.5AI score0.00346EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/30 12:0 a.m.2 views

PT-2022-26318

Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 6.17 Description The pgAdmin server includes an HTTP API intended to validate the path a user selects to external PostgreSQL utilities such as pg dump and pg restore. This API is used to determine the PostgreSQL versi...

10CVSS6.3AI score0.79933EPSS
Exploits0References13
OSV
OSV
added 2022/11/29 2:15 a.m.6 views

CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...

4.3CVSS5.8AI score0.00353EPSS
Exploits0References1
PyPA
PyPA
added 2022/09/07 7:15 p.m.4 views

PYSEC-2022-43179

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...

7.3CVSS7.4AI score0.00341EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.4 views

PT-2022-23158 · Poetry · Poetry

Name of the Vulnerable Software and Affected Versions: Poetry versions prior to 1.1.9 Poetry versions prior to 1.2.0b1 Description: The issue arises from Poetry executing commands like git config using the executable's name instead of its absolute path. This can lead to the execution of untrusted...

7.3CVSS7.2AI score0.00341EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.27 views

Poetry 代码问题漏洞

Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...

7.3CVSS7.6AI score0.00341EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/30 9:15 p.m.4 views

CVE-2022-36565

Incorrect access control in the install directory C:\Wamp64 of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

8.8CVSS7.7AI score0.00814EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.7 views

PT-2022-23472 · Unknown · Strawberryperl

Name of the Vulnerable Software and Affected Versions: StrawberryPerl versions 5.32.1.1 and below Description: The issue is related to incorrect access control in the install directory of StrawberryPerl, allowing authenticated attackers to execute arbitrary code by overwriting binaries in the...

8.8CVSS8.7AI score0.00814EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/07/15 12:0 a.m.7 views

The vulnerability of the distributed Git version control system, related to deficiencies in access control, allows a intruder to increase their privileges or execute arbitrary commands.

The vulnerability of the distributed Git version control system relates to the possibility of creating a folder named “C:.git”. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

7.8CVSS7.5AI score0.00445EPSS
Exploits0References11Affected Software5
Positive Technologies
Positive Technologies
added 2022/06/29 12:0 a.m.4 views

PT-2022-6521 · Nomachine · Nomachine

Name of the Vulnerable Software and Affected Versions: NoMachine version 7.9.2 Description: The issue is related to incorrect permissions for the folder C:ProgramDataNoMachinevaruninstall of NoMachine, which allows attackers to perform a DLL hijacking attack and execute arbitrary code. This is du...

7.3CVSS7.3AI score0.00331EPSS
Exploits1References5
OSV
OSV
added 2022/05/24 7:16 p.m.5 views

GHSA-4PW5-R58H-FV24 Path traversal vulnerability on Windows in Jenkins

The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows. This results in a path traversal vulnerability allowing attackers with Overall/Read permission Windows controller o...

6.5CVSS6AI score0.02103EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.3 views

kardianos service 代码问题漏洞

kardianos service is a tool for running go programs as services. A code issue vulnerability exists in kardianos service, which stems from servicewindows.go omitting references that are sometimes required to execute the Windows service executable from the expected directory...

7.8CVSS7.5AI score0.00306EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.2 views

CVE-2022-28148

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows...

6.5CVSS6AI score0.01764EPSS
Exploits0References3
OSV
OSV
added 2022/02/09 11:15 p.m.2 views

CVE-2022-22528

SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...

7.8CVSS5.9AI score0.00316EPSS
Exploits0References2
OSV
OSV
added 2021/09/08 3:15 p.m.1 views

UBUNTU-CVE-2021-22004

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

6.4CVSS7.3AI score0.00346EPSS
Exploits0References3
Rows per page
Query Builder