SUSE CVE-2016-7162

The gfileremovedirectory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive...

SUSE CVE-2017-3290

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher...

SUSE CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

SUSE CVE-2017-3587

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

SUSE CVE-2017-5081

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files...

SUSE CVE-2017-7471

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System 9pfs support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system...

SUSE CVE-2017-9606

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks...

SUSE CVE-2017-12061

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

SUSE CVE-2017-12447

GdkPixBuf aka gdk-pixbuf, possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service stack corruption or possibly have unspecified other impact via a crafted file folder...

SUSE CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

SUSE CVE-2019-0976

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder by default "obj", aka 'NuGet Package Manager Tampering Vulnerability'...

SUSE CVE-2019-15752

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restar...

SUSE CVE-2019-16541

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

SUSE CVE-2019-19783

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed 3.x or certain non-default sieve options are enabled 2.x, a user with a mail account on the service can use a sieve script containing a fileinto directive to...

SUSE CVE-2020-16094

In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...

SUSE CVE-2021-23772

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

SUSE CVE-2021-32766

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...

Dell Command Configure Elevation of Privilege Vulnerability

Dell Command Configure is a Dell application that provides configuration capabilities for business client platforms. Dell Command Configure version 4.8 and prior versions contain an elevation of privilege vulnerability that stems from incorrect folder permissions, which could be exploited to modi...

PT-2023-5951 · Git · Git For Windows

Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.39.2 Description: The issue is related to the Windows port of the revision control system Git. By carefully crafting a DLL and placing it into a subdirectory of a specific name next to the Git for Windows...

CVE-2022-45454

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30161, Acronis Cyber Protect 15 Windows before build 30984...