
22 matches found

RedhatCVE
added 2026/03/07 7:59 a.m. | 4 views

CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00059
Exploits: 0 | References: 1

EUVD
added 2026/03/06 9:31 a.m. | 4 views

EUVD-2026-10025

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00059
Exploits: 0 | References: 7

NVD
added 2026/03/06 8:16 a.m. | 4 views

CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS: 9.8 | EPSS: 0.00059
Exploits: 0 | References: 6

ATTACKERKB
added 2026/03/06 7:56 a.m. | 3 views

CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00059
Exploits: 0 | References: 7 | Affected Software: 2

Cvelist
added 2026/03/06 7:56 a.m. | 22 views

CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS: 9.8 | EPSS: 0.00059
Exploits: 0 | References: 6

CVE
added 2026/03/06 7:56 a.m. | 17 views

CVE-2026-2331

CVE-2026-2331 describes unauthenticated read/write access to sensitive filesystem areas via AppEngine Fileaccess over HTTP caused by improper access restrictions. A critical filesystem directory was exposed through the HTTP-based file access feature, allowing access without authentication. Impact...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00059
Exploits: 0 | References: 6

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

SICK Lector85x and SICK Lector83x Security Vulnerability

SICK Lector85x and SICK Lector83x are a series of QR code image recognition readers developed by the German company SICK. Both devices have security vulnerabilities. These vulnerabilities stem from incorrect access controls. Attackers could potentially perform unauthenticated read and write...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00059
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/06 12:0 a.m. | 2 views

PT-2026-23660

Name of the Vulnerable Software and Affected Versions: AppEngine, affected versions not specified. Description: An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00059
Exploits: 0 | References: 15

vulnersOsv
added 2024/10/14 3:30 p.m. | 2 views

com.google.appengine:jetty12-assembly (>=2.0.20 <=3.0.1), org.eclipse.jetty.ee9.demos:jetty-ee9-demo-embedded (>=12.0.0 <=12.0.29) +5 more potentially affected by CVE-2024-9823 via org.eclipse.jetty.ee9:jetty-ee9-servlets (>=12.0.0 <=12.0.29)

org.eclipse.jetty.ee9:jetty-ee9-servlets MAVEN version =12.0.0, =2.0.20, =12.0.0, =12.0.0, =12.0.0, =12.0.0, =12.0.12, =12.0.29 Source cves: CVE-2024-9823 Source advisory: OSV:GHSA-J26W-F9RQ-MR2Q...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.0068
Exploits: 0

OpenVAS
added 2022/07/31 12:0 a.m. | 6 views

Fedora: Security Advisory for golang-google-appengine (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2

OpenVAS
added 2022/07/18 12:0 a.m. | 15 views

Fedora: Security Advisory for golang-google-appengine (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.00963
Exploits: 4 | References: 2

Fedora
added 2022/07/17 1:16 a.m. | 22 views

[SECURITY] Fedora 35 Update: golang-google-appengine-1.6.7-5.fc35

This package supports the Go runtime on App Engine standard. It provides APIs for interacting with App Engine services...

CVSS: 9.3 | AI score: 9 | EPSS: 0.00963
Exploits: 4

OpenVAS
added 2022/07/06 12:0 a.m. | 12 views

Fedora: Security Advisory for golang-google-appengine (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.00963
Exploits: 4 | References: 2

Fedora
added 2022/07/04 1:35 a.m. | 16 views

[SECURITY] Fedora 36 Update: golang-google-appengine-1.6.7-5.fc36

This package supports the Go runtime on App Engine standard. It provides APIs for interacting with App Engine services...

CVSS: 9.3 | AI score: 9 | EPSS: 0.00963
Exploits: 4

Huntr
added 2022/05/14 10:1 p.m. | 36 views

Path Traversal in WellKnownServlet

Description: The WellKnownServlet is vulnerable to path traversal. This allows reading local files. For example the files in WEB-INF that contain secrets and API keys can be read. https://github.com/jgraph/drawio/blob/v18.0.4/src/main/java/com/mxgraph/online/WellKnownServlet.java#L40-L66 java Strin...

CVSS: 5 | AI score: 7.5 | EPSS: 0.01233
Exploits: 1

Veracode
added 2022/01/05 12:2 p.m. | 17 views

Path Traversal

io.spinnaker.clouddriver:clouddriver-appengine is vulnerable to path traversal. The utility to extract files locally for deployment does not validate the paths, allowing a local attacker to override files on a particular container resulting in path traversal vulnerability. Man in the middle attac...

CVSS: 7.1 | AI score: 4.2 | EPSS: 0.00088
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2022/01/04 6:15 p.m. | 13 views

CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

CVSS: 7.1 | EPSS: 0.00088
Exploits: 1 | References: 1

OSV
added 2022/01/04 6:15 p.m. | 0 views

CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00088
Exploits: 1 | References: 1

Prion
added 2022/01/04 6:15 p.m. | 14 views

Path traversal

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

CVSS: 3.6 | AI score: 6.9 | EPSS: 0.00088
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/01/04 5:25 p.m. | 63 views

CVE-2021-39143

Spinnaker path traversal (CVE-2021-39143) arises from TAR extraction in AppEngine deployments, where files are deployed without validating paths, allowing a container to overwrite system files and potentially enable MITM via library wrapper/file injection. Affected component: io.spinnaker.clouddr...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00088
Exploits: 1 | References: 1 | Affected Software: 1