Lucene search
K

42 matches found

OSV
OSV
added 2024/04/12 11:7 a.m.7 views

OESA-2024-1398 rubygem-tzinfo security update

TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...

8.1CVSS7.2AI score0.01786EPSS
Exploits1References2
OSV
OSV
added 2024/04/12 11:7 a.m.5 views

OESA-2024-1399 rubygem-tzinfo security update

TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...

8.1CVSS7.2AI score0.01786EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.4 views

SUSE CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...

7.5CVSS7.7AI score0.02214EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.5 views

SUSE CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

7.5CVSS6.8AI score0.01786EPSS
Exploits1References5
NVD
NVD
added 2022/07/22 4:15 a.m.19 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

8.1CVSS0.01786EPSS
Exploits1References7
OSV
OSV
added 2022/07/22 4:15 a.m.2 views

DEBIAN-CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

8.1CVSS6.8AI score0.01786EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/07/22 4:15 a.m.41 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

8.1CVSS6.8AI score0.01786EPSS
Exploits1References5
Prion
Prion
added 2022/07/22 4:15 a.m.20 views

Path traversal

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

5.1CVSS7.9AI score0.01786EPSS
Exploits1References6Affected Software2
Debian CVE
Debian CVE
added 2022/07/21 1:30 p.m.38 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

8.1CVSS6.7AI score0.01786EPSS
Exploits1
OSV
OSV
added 2021/03/25 4:15 p.m.6 views

CVE-2020-6787

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same...

7.8CVSS7.4AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 10:15 p.m.2 views

UBUNTU-CVE-2020-14212

FFmpeg through 4.3 has a heap-based buffer overflow in aviogetstr in libavformat/aviobuf.c because dnnbackendnative.c calls ffdnnloadmodelnative and a certain index check is omitted...

8.8CVSS7.5AI score0.01655EPSS
Exploits0References4
CNVD
CNVD
added 2017/01/17 12:0 a.m.6 views

Scada-os Configuration Software dll Hijacking Vulnerability

Scada-os is a SCADA system developed by several SCADA configuration software engineers. The TsStudio.exe component of the Scada-os configuration software is not safe to load library files, so an attacker can construct a malicious application and place it in a specific path, which will allow the...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/11/19 6:23 a.m.7 views

autofs: priv escalation via interpreter load path for program based automount maps

It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...

4.4CVSS5.8AI score0.00335EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/10 12:0 a.m.15 views

SUSE SLED12 / SLES12 Security Update : autofs (SUSE-SU-2015:1020-1)

autofs was updated to fix one security issue. This security issue was fixed : - CVE-2014-8169: Prevent potential privilege escalation via interpreter load path for program-based automount maps bnc917977. The update package also includes non-security fixes. See advisory for details. Note that...

4.4CVSS5.3AI score0.00335EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2015/03/12 12:0 a.m.22 views

openSUSE Security Update : autofs (openSUSE-2015-220)

The automount service autofs was updated to prevent a potential privilege escalation via interpreter load path for program-based automount maps. bsc917977 CVE-2014-8169 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

4.4CVSS5.3AI score0.00335EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/02/11 12:0 a.m.25 views

Debian Security Advisory DSA 2324-1 (wireshark)

The remote host is missing an update to wireshark announced via advisory DSA 2324-1. OpenVAS Vulnerability Test $Id: deb23241.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2324-1 wireshark Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

9.3CVSS0.3AI score0.35528EPSS
Exploits9
OpenVAS
OpenVAS
added 2012/02/11 12:0 a.m.33 views

Debian: Security Advisory (DSA-2324-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.5AI score0.35528EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2011/11/08 12:0 a.m.43 views

Debian DSA-2339-1 : nss - several vulnerabilities

This update to the NSS cryptographic libraries revokes the trust in the'DigiCert Sdn. Bhd' certificate authority. More information can be found in the Mozilla Security Blog. This update also fixes an insecure load path for pkcs11.txt configuration file CVE-2011-3640 . %NASLMINLEVEL 70300 C Tenabl...

7.1CVSS8.2AI score0.01395EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2011/10/21 12:0 a.m.43 views

Debian DSA-2324-1 : wireshark - programming error

The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

9.3CVSS7.6AI score0.35528EPSS
Exploits9References3
myhack58
myhack58
added 2011/02/17 12:0 a.m.31 views

Windows Vista / 7 lpksetup. exe the DLL-hijacking-vulnerability warning-the black bar safety net

/ Exploit: Windows Vista/7 lpksetup.exe oci.dll DLL Hijacking Vulnerability Extension: the . mlc Author: Tyler Borland [email protected] Date: 10/20/2010 Tested on: Windows 7 Ultimate Windows Vista Ultimate/Enterpries and Windows 7 Enterprise should be vulnerable as well Effect: Remote Code...

8.1AI score
Exploits0
Rows per page
Query Builder