12 matches found
PT-2026-41862
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
EUVD-2025-209090
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...
ALPINE-CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
EUVD-2025-206432
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...
Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
Summary Multiple vulnerabilities in libcurl affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include obtaining sensitive information, man-in-the-middle attacks, denial of service, and bypassing of security restrictions. Vulnerability Details...
IPED - Digital Forensic Tool - Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners
IPED is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. Introduction IPED - Digital Evidence Processor and Indexer translated from Portuguese is a tool implement...
SUSE: Security Advisory (SUSE-SU-2016:3296-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Legal Robot: AWS hosting bucket for Legal Robots set as public browse and list contents: s3://legalrobot
Good day, I hope it treats you kindly : Legal Robot looks to use AWS hosting for your website. Description of issue: ===================== The Amazon Bucket s3://legalrobot has been configured to allow Public users access to browse all files on the server. This is a risk as described as it allows...
Multiple Hyper Estraier vulnerabilities
DoS on indexing files with special Unicode characters in the names. Files from non-searchable directories are indexed...