15 matches found
USN-8199-1 glance vulnerabilities
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...
EUVD-2023-0150
Malicious code in bioql PyPI...
CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
Linux Distros Unpatched Vulnerability : CVE-2022-47950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the...
Vite 信息泄露漏洞
Vite is a new front-end builder tool open-sourced by Vite. An information disclosure vulnerability exists in Vite, which stems from the fact that the contents of an arbitrary file may be returned to the browser. The following versions are affected: versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18,...
Logpoint 安全漏洞
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0 that stems from the ability to view the contents of a specified file in incoming logs when an arbitrary file path is used in the file system collector...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
cve-2022-44268-detector - detect malicious PNGs cve-2022-4426...
CVE-2022-38170 Overly permissive umask for daemons
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...
Security Updates for Microsoft Visual Studio Products (January 2019)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability : - An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file. An...
Microsoft Internet Explorer Information Leakage Vulnerability (CNVD-2016-03017)
Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. An information leakage vulnerability exists in Microsoft IE versions 10 and 11, which stems from the program not properly handling...
Advantech WebAccess Dashboard Viewer openWidget Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the...
Novell ZENworks Configuration Management FileViewer Information Disclosure (CVE-2015-0783)
An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to lack of sanitization on the filename parameter within the FileViewer class. By sending crafted requests to the target server, a remote attacker can leverage this vulnerability t...
CVE-2002-2312
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage...
Verity Ultraseek Request Proxying Vulnerability
This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spider...
Security update for the information disclosure vulnerability in Visual Studio 2012 Update 5 (KB4476755)
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file...