Lucene search
K

110 matches found

osv
osv
added 2022/11/07 7:0 p.m.7 views

GHSA-WV7W-RJ2X-556X Apache Ivy vulnerable to path traversal

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

7.5CVSS7.2AI score0.01596EPSS
Exploits0References3
github
github
added 2022/11/07 7:0 p.m.33 views

Apache Ivy vulnerable to path traversal

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

7.5CVSS8.1AI score0.01596EPSS
Exploits0References4Affected Software1
cve
cve
added 2022/11/07 12:0 a.m.325 views

CVE-2022-37866

Apache Ivy CVE-2022-37866 describes a directory traversal vulnerability where artifact coordinates with ".." can cause downloaded artifacts to be written outside Ivy’s local cache or overwrite other files. Exploitation requires collaboration from the remote repository, as Ivy will issue HTTP requ...

7.5CVSS7.4AI score0.01596EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2022/11/07 12:0 a.m.4 views

Apache Ivy 路径遍历漏洞

Apache Ivy is a deliverable package manager from the Apache Foundation USA. A path traversal vulnerability exists in Apache Ivy versions prior to 2.5.1, which stems from the fact that artifacts may be stored outside of Ivy's local cache or repository, or can overwrite different artifacts within t...

7.5CVSS7.3AI score0.01596EPSS
Exploits0References4
redhatcve
redhatcve
added 2020/02/01 4:4 a.m.24 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS1.9AI score0.00358EPSS
Exploits0References2
nvd
nvd
added 2019/07/30 9:15 p.m.27 views

CVE-2019-5454

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account...

9.8CVSS9.3AI score0.02019EPSS
Exploits0References1
osv
osv
added 2019/07/30 9:15 p.m.21 views

CVE-2019-5454

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account...

9.8CVSS7.7AI score
Exploits0References1
prion
prion
added 2019/07/30 9:15 p.m.24 views

Sql injection

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account...

7.5CVSS9.2AI score0.02019EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/07/30 8:28 p.m.34 views

CVE-2019-5454

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account...

9.3AI score0.02019EPSS
Exploits0References1
nextcloud
nextcloud
added 2019/07/26 12:0 a.m.54 views

SQL injection in Android app content provider (NC-SA-2019-005)

The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can...

7.5CVSS2.7AI score0.02019EPSS
Exploits0Affected Software1
veracode
veracode
added 2019/05/16 3:19 a.m.27 views

Denial Of Service (DoS)

Firefox, Firefox ESR and Thunderbird are vulnerable to denial of service. The vulnerability exists in TransportSecurityInfo which is flawed and could be exploitable by local users, the local cache where the target user's profile directory can cause the browser to crash resulting in denial of...

7CVSS7.6AI score0.00358EPSS
Exploits0References20Affected Software2
osv
osv
added 2018/10/18 1:29 p.m.2 views

DEBIAN-CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS8.6AI score0.00358EPSS
Exploits0References1
nvd
nvd
added 2018/10/18 1:29 p.m.16 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS6AI score0.00358EPSS
Exploits0References18
osv
osv
added 2018/10/18 1:29 p.m.8 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS6AI score0.00358EPSS
Exploits0References18
prion
prion
added 2018/10/18 1:29 p.m.17 views

Design/Logic Flaw

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

4.4CVSS7AI score0.00358EPSS
Exploits0References18Affected Software11
cvelist
cvelist
added 2018/10/18 1:0 p.m.18 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

6.2AI score0.00358EPSS
Exploits0References18
debiancve
debiancve
added 2018/10/18 1:0 p.m.34 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS8.2AI score0.00358EPSS
Exploits0
nessus
nessus
added 2018/10/16 12:0 a.m.29 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3793-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3793-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

9.8CVSS7.8AI score0.03357EPSS
Exploits1References6
redhat
redhat
added 2018/09/27 8:51 p.m.9 views

Mozilla: Crash in TransportSecurityInfo due to cached data

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS7.3AI score0.00358EPSS
Exploits0References5
cnvd
cnvd
added 2018/09/25 12:0 a.m.1 views

Mozilla Firefox and Firefox ESR Denial of Service Vulnerability

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A denial of service vulnerability exists in Mozilla Firefox versions prior to 62.0.2 and Firefox...

7CVSS7.4AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder