11 matches found
CVE-2026-7791
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...
CVE-2026-4215
A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...
EUVD-2022-3800
Malicious code in bioql PyPI...
Apache Karaf vulnerable to relative path traversal
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
GHSA-FJW4-39PG-VF4F Apache Karaf vulnerable to relative path traversal
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
CVE-2019-0226
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
Design/Logic Flaw
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
CVE-2019-0226
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
CVE-2019-0226
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
CVE-2019-0226
CVE-2019-0226 affects Apache Karaf Config service. A relative path traversal via the install method (via service or MBean) could be used to traverse directories and overwrite files. Any Karaf version before 4.2.5 is affected; impact depends on the filesystem permissions of the Karaf process user....
Directory Traversal
Apache Karaf is vulnerable to directory traversal. The vulnerability exists as it does not prevent the use of relative path in the installation of the config service or MBean, allowing an attacker to overwrite existing files...