USN-8199-1: OpenStack Glance vulnerabilities
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Keka...
EUVD-2025-33798
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool...
CVE-2021-37126
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory to be traversed...
SUSE CVE-2025-32395
Vite is a frontend tooling framework for JavaScript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
GHSA-356W-63V5-8WF4 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Summary: The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact: Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using `--host` or `server.host` config option - running the Vite de...
Arbitrary File Exposure
@vitest/browser is vulnerable to Arbitrary File Exposure. The vulnerability is due to the screenshot-error handler on the browser mode HTTP server improperly responding with any file on the file system when `browser.api.host: true` is set, allowing remote attackers to access arbitrary files...
USN-6882-2 cinder regression
USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin Kaesberger discovered that Cinder incorrectly handled QCOW2...
Local File Inclusion (LFI)
Vite is vulnerable to arbitrary file exposure. The vulnerability is due to improper enforcement of file access restrictions in the `@fs` mechanism, allowing attackers to bypass the allow list by adding `?import` to the URL and retrieving the contents of arbitrary files...
GHSA-9CWX-2883-4WFX Vite's `server.fs.deny` is bypassed when using `?import&raw`
Summary: The contents of arbitrary files can be returned to the browser. Details: `@fs` denies access to files outside of the Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. PoC: $ npm create vite@latest $ cd vite-project/ $ npm...
IBM Security Directory Server Path Traversal Vulnerability
IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines (IBM) that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists i...
Vulnerability fixed in IBM License Metric Tool
A vulnerability has been fixed in IBM License Metric Tool. A malicious party can send a specially crafted URL request with "dot dot" strings (/../) to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Race condition
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...
CVE-2021-37125
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality to be affected...
Design/Logic Flaw
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory to be traversed...
Design/Logic Flaw
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality to be affected...
DEBIAN-CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...
UBUNTU-CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...