75 matches found
GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...
@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...
PT-2026-41386
Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTML rendering view. An attacker can execute arbitrary HTML or JavaScript in the user's context by injecting malicious scripts into an embedded file in the chat that is later shared...
Astra Linux - vulnerability in poppler
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which can lead to a denial of service. This issue is evident in utils/pdfdetach.cc, where it does not validate the filename of an embedded file before constructing a save path...
Astra Linux - vulnerability in poppler-22, poppler
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h; this could lead to a denial of service. This issue arises because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file...
Astra Linux - vulnerability in poppler
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file...
dhtmlx FileExplorer security vulnerability
dhtmlx FileExplorer is a JavaScript file system developed by the dhtmlx company. There is a security vulnerability in dhtmlx FileExplorer, which stems from an authentication bypass in the embedded SwiFTP FTP server component. This vulnerability allows network attackers to log in and perform file...
EUVD-2018-10773
Malware in sbrugna...
EUVD-2014-9746
Malware in sbrugna...
SUSE CVE-2023-2664
In Xpdf 4.04 and earlier, a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow...
GO-2024-3293 Full access to the host's OS file system using osfs.FS with Router.Static in goyave.dev/goyave/v5
Static file serving using router.Static and osfs.FS allows clients to access any file on the host file system using relative paths because the requested path is not sanitized and . and .. segments are accepted. The files will be returned as a response, provided the system user running the Go...
Oracle Linux 8 : poppler (ELSA-2024-2979)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2979 advisory. - Fix crash when Object has negative number CVE-2018-13988 - Fix infinite recursion CVE-2017-18267 - Resolves: rhbz1494583 CVE-2017-14520 - Resolves: rhbz145906...
diffoscope security vulnerability
diffoscope is an open source tool for checking the similarities and differences of files or directories. A security vulnerability exists in versions prior to diffoscope 256 that stems from allowing directory traversal via file names embedded in GPG files...
Debian dla-3620 : gir1.2-poppler-0.18 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3620 advisory. Debian LTS Advisory DLA-3620-1...
Denial Of Service (DoS)
libpoppler is vulnerable to Denial of Service (DoS). The vulnerability is due to PDFDoc::replacePageDict in PDFDoc.cc, which allows an attacker to cause an application crash by saving an embedded file...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2023:3947-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3947-1 advisory. - In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a...
OESA-2023-1613 poppler security update
Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. Its development is supported by freedesktop.org. It is commonly used on Linux systems, and is used by the PDF viewers of the open source GNOME and KDE desktop environments. Security Fixes:...
OESA-2023-1611 poppler security update
Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. Its development is supported by freedesktop.org. It is commonly used on Linux systems, and is used by the PDF viewers of the open source GNOME and KDE desktop environments. Security Fixes:...
OESA-2023-1612 poppler security update
Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. Its development is supported by freedesktop.org. It is commonly used on Linux systems, and is used by the PDF viewers of the open source GNOME and KDE desktop environments. Security Fixes:...