Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2025/08/12 12:47 a.m.11 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/07/28 10:19 a.m.7 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
NVD
NVD
added 2023/09/12 9:15 p.m.32 views

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...

4.3CVSS5.2AI score0.00616EPSS
Exploits0References7
OSV
OSV
added 2023/09/12 9:15 p.m.28 views

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...

4.3CVSS5.4AI score
Exploits0References7
Prion
Prion
added 2023/09/12 9:15 p.m.23 views

Design/Logic Flaw

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...

4.3CVSS5AI score0.00616EPSS
Exploits0References7Affected Software3
UbuntuCve
UbuntuCve
added 2023/09/12 9:15 p.m.27 views

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...

4.3CVSS5.9AI score0.00616EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/09/12 8:47 p.m.20 views

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...

5.6AI score0.00616EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2023/09/12 8:47 p.m.24 views

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Chromium security severity: Medium...

4.3CVSS4.4AI score0.00616EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.10 views

PT-2023-5487 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 117.0.5938.62 Description: The issue is related to insufficient policy enforcement in the Downloads component of Google Chrome, allowing a remote attacker to bypass Enterprise policy restrictions. This can be...

9.8CVSS6.7AI score0.99735EPSS
Exploits133References1113
Prion
Prion
added 2023/07/31 3:15 p.m.99 views

Cross site scripting

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...

5.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.6 views

The vulnerability of the software for automating the deployment of IBM UrbanCode Deploy (UCD) applications, related to lack of access control, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for automating the deployment of IBM UrbanCode Deploy UCD applications is related to lack of access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code on machines equipped with the UCD agent where client...

10CVSS8.3AI score0.02824EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder