4 matches found
EUVD-2023-2746
Malicious code in bioql PyPI...
The vulnerability of the GLPI-Agent, a system agent for requests, incidents, and inventory management of computer equipment, arises due to insufficient validation of input data. This vulnerability allows attackers to trigger service failures or increase their privileges.
The vulnerability of the GLPI-Agent, a system agent for requests, incidents, and computer equipment inventory, exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures or increase their privileges by configuring the server wi...
Code injection
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary files. This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary files. This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...