224 matches found
Improper Input Validation
Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leadin...
PT-2024-34647
Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.47.5 Description The issue allows retrieval of local system files when a WebDriver is used to fetch files, by utilizing source:file:///etc/passwd, which bypasses the block on traditional file:///etc/passw...
Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059153 fixes several issues. The following security issues were fixed: CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-35862:...
CLSA-2024-1725187614 kernel: Fix of 11 CVEs
drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...
The vulnerability of the File Protocol Handler component in Cisco Webex Teams software allows attackers to disclose protected information.
The vulnerability of the File Protocol Handler component in Cisco Webex Meetings and Teams software lies in the lack of protection for sensitive data. Exploiting this vulnerability allows a malicious actor to disclose confidential information through a specially crafted link...
CVE-2024-20396
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerabili...
CVE-2024-36527
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server...
PT-2024-27048 · Unknown · Puppeteer-Renderer
Name of the Vulnerable Software and Affected Versions: puppeteer-renderer versions 3.2.0 and earlier Description: The issue allows attackers to exploit the URL parameter using the file protocol to read sensitive information from the server. This is achieved through a Directory Traversal attack...
Puppeteer Security Vulnerabilities
Puppeteer is a web page renderer by the individual developer Yeongjin Lee. A security vulnerability exists in puppeteer-renderer v.3.2.0 and earlier versions that could allow an attacker to read sensitive information from the server using the URL parameter of the file protocol...
CVE-2024-36527
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server...
Netatalk Security Vulnerabilities
Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk version 3.2.0, which originates from a heap-based buffer overflow due to the setting of afpmapname FPMapName ibuflen to 0 in...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from the installmodel function in lollmscore/lollms/binding.py that does not properly clean up the file protocol and other inputs, resulting...
CVE-2024-0440
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...
CVE-2024-0440
CVE-2024-0440 describes an SSRF-type flaw where an attacker with permission to submit a link or submit via POST a link using the file:// protocol can introspect host files and other relatively stored files. Affected exposure is described across multiple feeds; CVSS data vary by source (NVD: 3.1, ...
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...
PT-2024-15564 · Git +2 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows an attacker, with permission to submit a link or submitting a link via POST to be collected that is using the file:// protocol, to introspect host files and other relative...
CVE-2023-5785
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddressinterpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been...
SUSE CVE-2023-23597
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...
git: exposure of sensitive information to a malicious actor
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...