558 matches found

RedHat Linux · added 2022/08/03 12:51 p.m. · 45 views

pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

CVSS 9.1 · AI score 7.2 · EPSS 0.02993 · Exploits: 0 · References: 4

RedHat Linux · added 2022/07/19 9:07 p.m. · 2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286 · Exploits: 0 · References: 6

RedHat Linux · added 2022/07/01 12:07 a.m. · 4 views

pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

CVSS 9.1 · AI score 7.2 · EPSS 0.02993 · Exploits: 0 · References: 4

Veracode · added 2022/06/30 3:16 a.m. · 43 views

Authorization Bypass

shiro-core is vulnerable to authorization bypass. The vulnerability exists due to the case-insensitive regex pattern matching used in the matches function of RegExPatternMatcher.java, allowing an attacker to bypass the servlet container when RegExPatternMatcher is used with "." in the regular expression...

CVSS 9.8 · AI score 7.2 · EPSS 0.25431 · Exploits: 0 · References: 5 · Affected Software: 1

RedHat Linux · added 2022/06/28 7:58 a.m. · 5 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286 · Exploits: 0 · References: 6

RedHat Linux · added 2022/06/07 8:24 a.m. · 6 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286 · Exploits: 0 · References: 6

RedHat Linux · added 2022/06/06 9:29 a.m. · 3 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286 · Exploits: 0 · References: 6

OSV · added 2022/05/16 9:15 p.m. · 1 view

UBUNTU-CVE-2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

CVSS 9.1 · AI score 6.8 · EPSS 0.02993 · Exploits: 0 · References: 4

Github Security Blog · added 2022/05/13 1:01 a.m. · 25 views

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...

CVSS 5.3 · AI score 5.3 · EPSS 0.0197 · Exploits: 0 · References: 6 · Affected Software: 1

OSV · added 2022/05/13 1:01 a.m. · 2 views

GHSA-X6JW-2F23-MC5J Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...

CVSS 5.3 · AI score 7.2 · EPSS 0.0197 · Exploits: 0 · References: 6

RedHat Linux · added 2022/04/13 2:31 p.m. · 9 views

curl: Bad connection reuse due to flawed path name checks

A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality...

CVSS 4.3 · AI score 7.1 · EPSS 0.0627 · Exploits: 1 · References: 5

Positive Technologies · added 2022/02/16 12:00 a.m. · 3 views

PT-2022-13299 · Uri.Js · Uri.Js

Name of the Vulnerable Software and Affected Versions: urijs versions prior to 1.19.8
Description: The issue allows an attacker to bypass authorization through a user-controlled key. Specifically, it is possible to use case-insensitive protocol schemes, such as HTTP, htTP, HTtp, etc., to bypass...

CVSS 6.5 · AI score 5.5 · EPSS 0.0158 · Exploits: 1 · References: 13

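Added example for the urijs entry above (this is not urijs code, and the ALLOWED_HOSTS list, the function names and the sample inputs are constructed for illustration): RFC 3986 section 3.1 defines the URL scheme as case-insensitive, so "HtTp://" and "http://" name the same protocol. A check that inspects the raw text with a case-sensitive pattern, and then treats a non-match as a harmless relative path, is bypassed by exactly the mixed-case schemes the entry lists. The hardened version parses with the WHATWG URL parser, which lower-cases the scheme and host, and compares the normalized parts.

```javascript
// Added example, not urijs code. Assumed allowlist of redirect targets.
const ALLOWED_HOSTS = ['app.example', 'cdn.example'];

// Vulnerable: case-sensitive scheme regex. "HtTp://evil.example/x" does not
// match, so it is treated as a relative path and allowed, although a browser
// follows it to evil.example. "javascript:" slips through the same way.
function isAllowedRedirectNaive(href) {
  const m = /^(https?):\/\/([^\/?#]+)/.exec(href);
  if (!m) return true;                      // "relative URL" -> allowed
  return ALLOWED_HOSTS.includes(m[2]);
}

// Hardened: parse first, compare normalized parts afterwards. The base URL
// (assumed) only matters for genuinely relative inputs such as "/account".
function isAllowedRedirect(href, base = 'https://app.example/') {
  let u;
  try {
    u = new URL(href, base);                // lower-cases scheme and host
  } catch (e) {
    return false;                           // unparseable: refuse
  }
  if (!['http:', 'https:'].includes(u.protocol)) return false;
  return ALLOWED_HOSTS.includes(u.hostname);
}

// Constructed inputs showing where the two checks disagree.
function compare() {
  const inputs = [
    '/account',
    'http://app.example/x',
    'HtTp://evil.example/x',
    'HTTPS://evil.example/',
    'javascript:alert(1)',
  ];
  return inputs.map(h => ({
    href: h,
    naive: isAllowedRedirectNaive(h),
    hardened: isAllowedRedirect(h),
  }));
}
```

The same rule applies to any scheme allowlist or denylist in a parser: fold the scheme to lower case (or let a standards-conforming parser do it) before comparing, and never let "did not parse as absolute" default to "allowed".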
RedHat Linux · added 2022/02/01 9:18 p.m. · 4 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286 · Exploits: 0 · References: 6

RedHat Linux · added 2022/01/25 9:28 a.m. · 0 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286 · Exploits: 0 · References: 6

Kitploit · added 2021/09/10 8:30 p.m. · 36 views

WWWGrep - OWASP Foundation Web Repository

WWWGrep is a rapid search ("grepping") mechanism that examines HTML elements by type. It can run a focused search against a single URL, against a file-based list of URLs, or recursively, either restricted to the root domain or not. Header names and values may also be recursively searched in this manner. WWWGrep was...

AI score 7.5 · Exploits: 0 · References: 1

Tenable Nessus · added 2021/09/09 12:00 a.m. · 45 views

Amazon Linux AMI : curl (ALAS-2021-1525)

The version of curl installed on the remote host is prior to 7.61.1-12.99. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1525 advisory. A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and...

CVSS 4.3 · AI score 6.2 · EPSS 0.0627 · Exploits: 1 · References: 3

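Added example for the two curl connection-reuse entries above (this is not libcurl code; the pool class, the field list and the configurations are constructed for illustration): a model of a TLS connection pool whose reuse decision is driven by a cache key. The "loose" key reproduces the flaw class the entries describe: the issuer-certificate setting is not part of the match at all, and certificate file paths are folded to lower case before comparison. On a case-sensitive filesystem "/certs/CA.pem" and "/certs/ca.pem" are different files, so two transfers configured with different trust settings end up sharing a connection that was only verified under the first one. The strict key includes every setting that influenced verification and compares it byte for byte.

```javascript
// Added example, not libcurl code. Flawed key: misses issuercert, folds case.
function keyLoose(cfg) {
  return [cfg.host, cfg.port, cfg.cafile.toLowerCase(), cfg.capath.toLowerCase()].join('\0');
}

// Strict key: every field that influenced handshake verification, compared
// exactly. This field list is an assumption for the example, not libcurl's.
const VERIFY_FIELDS = [
  'host', 'port', 'cafile', 'capath', 'issuercert',
  'clientcert', 'verifypeer', 'verifyhost',
];

function keyStrict(cfg) {
  return VERIFY_FIELDS.map(f => `${f}=${String(cfg[f] ?? '')}`).join('\0');
}

// Minimal pool: connections are cached by key; a hit is reused, a miss
// opens a new one. Returns the connection id and whether it was reused.
class ConnectionPool {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.conns = new Map();
    this.next = 1;
  }
  acquire(cfg) {
    const k = this.keyFn(cfg);
    if (this.conns.has(k)) return { id: this.conns.get(k), reused: true };
    const id = this.next++;
    this.conns.set(k, id);
    return { id, reused: false };
  }
}

// Constructed scenario: two transfers to the same host whose trust settings
// differ (a differently-cased CA bundle path and a different issuer cert).
// Returns true if the second transfer was served from the first connection.
function scenario(keyFn) {
  const pool = new ConnectionPool(keyFn);
  const first = {
    host: 'api.example', port: 443,
    cafile: '/certs/CA.pem', capath: '',
    issuercert: '/certs/issuer-a.pem', clientcert: '',
    verifypeer: true, verifyhost: true,
  };
  const second = { ...first, cafile: '/certs/ca.pem', issuercert: '/certs/issuer-b.pem' };
  pool.acquire(first);
  return pool.acquire(second).reused;
}
```

The design rule behind the strict key: anything that changed what the peer had to prove during the handshake (trust anchors, issuer constraints, client identity, verification flags, pinned keys) is part of the connection's identity, and file paths are identifiers to be matched exactly, not strings to be normalized.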
RedhatCVE · added 2021/09/01 7:01 p.m. · 37 views

CVE-2021-39134

A flaw was found in nodejs-arborist. On case-insensitive file systems such as macOS and Windows, Arborist's internal data structure did not see multiple dependencies as separate items that could coexist within the same level in the node_modules hierarchy when they differ only in the case of their...

CVSS 8.2 · AI score 1.9 · EPSS 0.00576 · Exploits: 0 · References: 4

OSV · added 2021/08/31 5:15 p.m. · 4 views

ALPINE-CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 7.8 · AI score 7 · EPSS 0.00576 · Exploits: 0 · References: 1

OSV · added 2021/08/31 5:15 p.m. · 3 views

DEBIAN-CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 7.8 · AI score 7.4 · EPSS 0.00576 · Exploits: 0 · References: 1

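Added example covering both the CVE-2021-39134 (arborist) entries above and the two Jenkins META-INF/WEB-INF entries earlier on this page (this is neither project's code; the function names, the PROTECTED list and the sample paths are constructed for illustration). Both entries share one root cause: code compared path strings exactly while the filesystem underneath (default macOS and Windows volumes) treats "Foo" and "foo" as the same entry. The first function finds install paths that would collide on such a volume; the second pair contrasts an exact-match protected-directory check with one that folds case the way the disk does.

```javascript
// Added example, not arborist's or Jenkins's code.

// Key under which a path is looked up on a case-insensitive volume: lower-
// cased per segment and Unicode-normalized. Assumption: NFC plus toLowerCase
// is a good enough fold for this purpose; exact OS case-folding rules differ,
// and Windows additionally treats '\' as a separator.
function caseFoldKey(p) {
  return p.normalize('NFC').split('/').map(s => s.toLowerCase()).join('/');
}

// Group install paths (e.g. node_modules entries) that name one directory
// entry on a case-insensitive filesystem. Returns only groups with more than
// one distinct spelling, each sorted for stable output.
function findCaseCollisions(paths) {
  const groups = new Map();
  for (const p of paths) {
    const k = caseFoldKey(p);
    if (!groups.has(k)) groups.set(k, new Set());
    groups.get(k).add(p);
  }
  return [...groups.values()].filter(g => g.size > 1).map(g => [...g].sort());
}

// Protected-directory check for a resource server. resourcePath is assumed
// to be percent-decoded already. The exact version lets
// "/meta-inf/MANIFEST.MF" through, which on a case-insensitive disk opens the
// same file as "/META-INF/MANIFEST.MF".
const PROTECTED = ['META-INF', 'WEB-INF'];

function isProtectedExact(resourcePath) {
  return resourcePath.split('/').some(seg => PROTECTED.includes(seg));
}

function isProtectedFolded(resourcePath) {
  const folded = PROTECTED.map(s => s.toLowerCase());
  return caseFoldKey(resourcePath).split('/').some(seg => folded.includes(seg));
}
```

A collision finder of this kind belongs in the step that plans an install or extraction, before anything touches the disk: on a case-insensitive volume the second of two colliding packages silently overwrites the first, which is the behaviour the arborist entries describe.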
OSV · added 2021/08/31 5:15 p.m. · 1 view

DEBIAN-CVE-2021-37701

The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...

CVSS 8.6 · AI score 8 · EPSS 0.03286 · Exploits: 0 · References: 1
