Lucene search

2059 matches found

OSV
added 2023/10/05 9:15 p.m. | 2 views

UBUNTU-CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

8.1 CVSS | 7.2 AI score | 0.01762 EPSS
Exploits: 0 | References: 11
SUSE CVE
added 2023/09/23 2:8 a.m. | 5 views

SUSE CVE-2023-5115

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...

6.3 CVSS | 7 AI score | 0.00859 EPSS
Exploits: 0 | References: 4
OSV
added 2023/09/22 7:15 p.m. | 4 views

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

8.8 CVSS | 5.8 AI score | 0.01239 EPSS
Exploits: 1 | References: 3
NVD
added 2023/09/17 6:15 a.m. | 23 views

CVE-2023-5022

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...

8.8 CVSS | 6.5 AI score | 0.00705 EPSS
Exploits: 0 | References: 3
Prion
added 2023/09/17 6:15 a.m. | 28 views

Path traversal

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...

5.2 CVSS | 8.8 AI score | 0.00705 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2023/09/17 5:31 a.m. | 5 views

CVE-2023-5022 DedeCMS select_templets_post.php absolute path traversal

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...

5.5 CVSS | 7.1 AI score | 0.00705 EPSS
Exploits: 0 | References: 3
Cvelist
added 2023/09/17 5:31 a.m. | 33 views

CVE-2023-5022 DedeCMS select_templets_post.php absolute path traversal

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...

5.5 CVSS | 9 AI score | 0.00705 EPSS
Exploits: 0 | References: 3
CVE
added 2023/09/17 5:31 a.m. | 50 views

CVE-2023-5022

The CVE-2023-5022 entry describes a path-traversal flaw in DedeCMS up to 5.7.100, exploitable via the activepath parameter in the file /include/dialog/select_templets_post.php. The root cause is an absolute path traversal in the activepath handling, leading to potential unauthorized file access. ...

8.8 CVSS | 7.2 AI score | 0.00705 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2023/09/07 12:0 a.m. | 19 views

Oracle Linux 5 : gcc (ELSA-2011-0025)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0025 advisory. - fix up fastjar directory traversal bugs CVE-2010-0831 Tenable has extracted the preceding description block directly from the Oracle Linux security...

5.8 CVSS | 5.6 AI score | 0.03681 EPSS
Exploits: 2 | References: 3
NVD
added 2023/09/05 3:15 p.m. | 33 views

CVE-2023-2453

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...

8.8 CVSS | 8.7 AI score | 0.00738 EPSS
Exploits: 0 | References: 1
NVD
added 2023/08/30 5:15 p.m. | 14 views

CVE-2023-40597

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...

8.8 CVSS | 8.2 AI score | 0.00216 EPSS
Exploits: 0 | References: 2
OSV
added 2023/08/30 5:15 p.m. | 4 views

CVE-2023-40597

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...

8.8 CVSS | 6.1 AI score | 0.00216 EPSS
Exploits: 0 | References: 2
Prion
added 2023/08/30 5:15 p.m. | 20 views

Path traversal

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...

4.3 CVSS | 8.9 AI score | 0.00216 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2023/08/30 4:19 p.m. | 163 views

CVE-2023-40597

CVE-2023-40597 affects Splunk Enterprise if running versions before 8.2.12, 9.0.6, or 9.1.1. The vulnerability is an absolute path traversal in the runshellscript.py component that enables an attacker to execute arbitrary code located on a separate disk. Exploitation results in a high impact acro...

8.8 CVSS | 8.6 AI score | 0.00216 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Vulnrichment
added 2023/08/30 4:19 p.m. | 2 views

CVE-2023-40597 Absolute Path Traversal in Splunk Enterprise Using runshellscript.py

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...

7.8 CVSS | 8 AI score | 0.00216 EPSS
Exploits: 0 | References: 2
SUSE CVE
added 2023/08/30 2:14 a.m. | 1 views

SUSE CVE-2023-40590

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

7.8 CVSS | 6.9 AI score | 0.00465 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2023/08/30 12:0 a.m. | 42 views

Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0806)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0806 advisory. - In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to...

8.8 CVSS | 8.5 AI score | 0.00216 EPSS
Exploits: 0 | References: 2
OSV
added 2023/08/29 11:33 p.m. | 5 views

GHSA-WFM5-V35H-VWF4 GitPython untrusted search path on Windows systems leading to arbitrary code execution

Summary: When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment (see big warning in https://docs.python.org/3/library/subprocess.html#popen-constructor). GitPython defaults to use the git command, if a user runs GitPython from a repo has a...

8.6 CVSS | 7.3 AI score | 0.00465 EPSS
Exploits: 1 | References: 9
OSV
added 2023/08/28 6:15 p.m. | 5 views

PYSEC-2023-161

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

7.8 CVSS | 7.1 AI score | 0.00465 EPSS
Exploits: 1 | References: 2
PyPA
added 2023/08/28 6:15 p.m. | 6 views

PYSEC-2023-161

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

7.8 CVSS | 7.6 AI score | 0.00465 EPSS
Exploits: 1 | References: 3 | Affected Software: 1