5 matches found

UbuntuCve
added 2023/07/25 4:15 a.m. | 93 views

CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

CVSS 6.3 | AI score 6.3 | EPSS 0.00247
Exploits 0 | References 5
CVE
added 2023/07/25 12:00 a.m. | 102 views

CVE-2023-38745

Pandoc-era vulnerability set affects Pandoc up to 3.1.6. CVE-2023-38745: before 3.1.6, an arbitrary file write is possible when processing crafted image elements with --extract-media or PDF output, depending on process privileges. Root cause ties to an incomplete/adjusted handling of paths and do...

CVSS 6.3 | AI score 5.7 | EPSS 0.00247
Exploits 0 | References 8 | Affected Software 1
Debian CVE
added 2023/07/25 12:00 a.m. | 38 views

CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

CVSS 6.3 | AI score 5.9 | EPSS 0.00247
Exploits 0
Cvelist
added 2021/06/09 1:55 a.m. | 23 views

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3 | AI score 6.4 | EPSS 0.7848
Exploits 2 | References 24
CNNVD
added 2021/06/09 12:00 a.m. | 4 views

Eclipse Jetty Security Vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that originates from accessing protected resources in the WEB-INF directory via a request with a doubly encoded path to the ConcatServlet. The...

CVSS 5.3 | AI score 7.3 | EPSS 0.7848
Exploits 2 | References 54