19 matches found

RedhatCVE
added 2025/05/22 5:42 p.m. | 8 views

CVE-2020-5301

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS 3.5 | AI score 6.7 | EPSS 0.00922
Exploits 0 | References 1
Tenable Nessus
added 2025/03/05 12:00 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-39134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarante...

CVSS 8.2 | AI score 7.3 | EPSS 0.00576
Exploits 0 | References 3
IBM Security Bulletins
added 2025/02/27 3:06 p.m. | 15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. CVE-2024-56337. Apache Tomcat is used by our...

CVSS 9.8 | AI score 9.8 | EPSS 0.08856
Exploits 13 | Affected Software 1
GithubExploit
added 2024/12/18 7:53 p.m. | 788 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

CVE-2024-50379 Exploitation and POC This repository contains...

CVSS 9.8 | AI score 9.5 | EPSS 0.43663
Exploits 13
Github Security Blog
added 2024/12/17 3:31 p.m. | 43 views

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

CVSS 9.8 | AI score 8.9 | EPSS 0.43663
Exploits 13 | References 16 | Affected Software 2
NVD
added 2024/12/17 1:15 p.m. | 50 views

CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

CVSS 9.8 | EPSS 0.43663
Exploits 13 | References 5
Vulnrichment
added 2024/12/17 12:34 p.m. | 48 views

CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

AI score 9 | EPSS 0.43663
Exploits 13 | References 1
Tenable Nessus
added 2024/12/17 12:00 a.m. | 38 views

Apache Tomcat 10.1.0.M1 < 10.1.34 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.34. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.34security-10 advisory. - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomc...

CVSS 9.8 | AI score 7 | EPSS 0.43663
Exploits 13 | References 13
CVE
added 2024/01/19 7:43 p.m. | 353 views

CVE-2024-23331

CVE-2024-23331 (Vite) : The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems by using case-augmented filenames. The issue occurs because picomatch defaults to case-sensitive glob matching, while the file server does not, enabling a blacklist bypass and potent...

CVSS 7.5 | AI score 7.3 | EPSS 0.00791
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2023/03/02 2:46 a.m. | 20 views

OS Command Injection

github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...

CVSS 9.8 | AI score 9 | EPSS 0.97839
Exploits 1 | References 6 | Affected Software 1
RedhatCVE
added 2021/09/01 7:01 p.m. | 37 views

CVE-2021-39134

A flaw was found in nodejs-arborist. On case-insensitive file systems such as macOS and Windows, Arborist's internal data structure did not see multiple dependencies as separate items that could coexist within the same level in the node_modules hierarchy when they differ only in the case of their...

CVSS 8.2 | AI score 1.9 | EPSS 0.00576
Exploits 0 | References 4
Github Security Blog
added 2021/08/31 4:05 p.m. | 40 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

CVSS 8.6 | AI score 7.3 | EPSS 0.03286
Exploits 0 | References 8 | Affected Software 1
Tenable Nessus
added 2021/05/03 12:00 a.m. | 38 views

GLSA-202104-01 : Git: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-202104-01 Git: User-assisted execution of arbitrary code It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured...

CVSS 8 | AI score 8.4 | EPSS 0.88644
Exploits 5 | References 2
OSV
added 2021/03/14 9:20 p.m. | 9 views

MGASA-2021-0137 Updated git packages fix a security vulnerability

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone CVE-2021-21300...

CVSS 8 | AI score 8 | EPSS 0.88644
Exploits 5 | References 3
Github Security Blog
added 2018/07/18 6:33 p.m. | 19 views

Information Exposure on Case Insensitive File Systems in serve

Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later...

CVSS 5.3 | AI score 2.9 | EPSS 0.01048
Exploits 1 | References 4 | Affected Software 1
OSV
added 2018/07/18 6:33 p.m. | 18 views

GHSA-686G-3XR3-X4X6 Information Exposure on Case Insensitive File Systems in serve

Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later...

CVSS 5.3 | AI score 5.1 | EPSS 0.01048
Exploits 1 | References 4
Node.js
added 2018/06/01 10:41 p.m. | 658 views

Information Exposure on Case Insensitive File Systems

Overview Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later. References - HackerOne Report - GitHub Advisory...

CVSS 5 | AI score 2.6 | EPSS 0.01048
Exploits 1 | Affected Software 1
Prion
added 2014/10/10 1:55 a.m. | 18 views

Unrestricted file upload

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...

CVSS 5 | AI score 7.2 | EPSS 0.03002
Exploits 2 | References 6 | Affected Software 1
Debian CVE
added 2006/08/14 8:00 p.m. | 41 views

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

CVSS 4.3 | AI score 6.5 | EPSS 0.37365
Exploits 1