5 matches found

Github Security Blog
added 2026/05/15 4:27 p.m. | 10 views

@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary: A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details: The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

CVSS 8.2 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2026/05/15 4:27 p.m. | 6 views

GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary: A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details: The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

CVSS 8.2 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/15 12:0 a.m. | 16 views

PT-2026-41386

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.5.7. Description: A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...

CVSS 8.2 | AI score 6.3 | EPSS 0.00206
Exploits: 0 | References: 10
CNNVD
added 2024/02/27 12:0 a.m. | 4 views

diffoscope security vulnerability

diffoscope is an open source tool for checking the similarities and differences of files or directories. A security vulnerability exists in versions prior to diffoscope 256 that stems from allowing directory traversal via file names embedded in GPG files...

CVSS 7.5 | AI score 6.8 | EPSS 0.00979
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:22 a.m. | 4 views

SUSE CVE-2018-19060

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h that will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path...

CVSS 3.3 | AI score 9.4 | EPSS 0.01946
Exploits: 1 | References: 7