116 matches found
OPENSUSE-SU-2023:0345-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Update to version 1.6.4 boo1216429: CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages Fix PHP8 warnings Fix default 'mime.types' path on Windows Managesieve: Fix javascript error when relational or...
CVE-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...
AZL-13738 CVE-2022-41722 affecting package msft-golang for versions less than 1.19.8-1
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...
AZL-37449 CVE-2022-41722 affecting package golang for versions less than 1.21.6-1
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...
SUSE CVE-2019-5443
A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants...
SUSE CVE-2021-22004
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...
PT-2022-26318
Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 6.17 Description The pgAdmin server includes an HTTP API intended to validate the path a user selects to external PostgreSQL utilities such as pg dump and pg restore. This API is used to determine the PostgreSQL versi...
CVE-2022-45307
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...
PYSEC-2022-43179
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...
PT-2022-23158 · Poetry · Poetry
Name of the Vulnerable Software and Affected Versions: Poetry versions prior to 1.1.9 Poetry versions prior to 1.2.0b1 Description: The issue arises from Poetry executing commands like git config using the executable's name instead of its absolute path. This can lead to the execution of untrusted...
Poetry 代码问题漏洞
Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...
CVE-2022-36565
Incorrect access control in the install directory C:\Wamp64 of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...
PT-2022-23472 · Unknown · Strawberryperl
Name of the Vulnerable Software and Affected Versions: StrawberryPerl versions 5.32.1.1 and below Description: The issue is related to incorrect access control in the install directory of StrawberryPerl, allowing authenticated attackers to execute arbitrary code by overwriting binaries in the...
The vulnerability of the distributed Git version control system, related to deficiencies in access control, allows a intruder to increase their privileges or execute arbitrary commands.
The vulnerability of the distributed Git version control system relates to the possibility of creating a folder named “C:.git”. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
PT-2022-6521 · Nomachine · Nomachine
Name of the Vulnerable Software and Affected Versions: NoMachine version 7.9.2 Description: The issue is related to incorrect permissions for the folder C:ProgramDataNoMachinevaruninstall of NoMachine, which allows attackers to perform a DLL hijacking attack and execute arbitrary code. This is du...
GHSA-4PW5-R58H-FV24 Path traversal vulnerability on Windows in Jenkins
The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows. This results in a path traversal vulnerability allowing attackers with Overall/Read permission Windows controller o...
kardianos service 代码问题漏洞
kardianos service is a tool for running go programs as services. A code issue vulnerability exists in kardianos service, which stems from servicewindows.go omitting references that are sometimes required to execute the Windows service executable from the expected directory...
CVE-2022-28148
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows...
CVE-2022-22528
SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...
UBUNTU-CVE-2021-22004
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...