Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/03 9:15 p.m.13 views

Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/05/29 3:15 a.m.3 views

CVE-2023-24603

OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...

6.5CVSS5.9AI score0.00759EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/23 12:50 p.m.22 views

CVE-2022-2347 Unchecked Download size in Uboot

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

7.7CVSS7.6AI score0.00586EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.5 views

DENX Software Engineering Das U-Boot 缓冲区错误漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot that originates from an unchecked download size and direction in the USB DFU, which can be exploited by an attacker to...

7.7CVSS7.6AI score0.00586EPSS
Exploits1References4
Rows per page
Query Builder