301 matches found
CVE-2025-23395
A flaw was found in Screen. When running with setuid-root privileges, the logfile_reopen function does not drop privileges while operating on a user-supplied path. This vulnerability allows an unprivileged user to create files in arbitrary locations with root ownership. Mitigation: No mitigation is...
PT-2025-20829 · Gnu · Gnu Screen
Name of the Vulnerable Software and Affected Versions: Screen versions 5.0.0 Description: The issue is related to the logfile reopen function in the GNU screen terminal multiplexer. When Screen runs with setuid-root privileges, it does not drop privileges while operating on a user-supplied path...
CVE-2025-47730
The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...
VulnCheck KEV: CVE-2025-47730
The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...
CVE-2025-1228
CVE-2025-1228 affects olajowon Loggrove (Logfile Update Handler) with a path traversal vulnerability in the /read/?page=1&logfile=LOG_Monitor parameter. Affected is an unknown function within the Logfile Update Handler; manipulation of the path argument allows remote exploitation. The exploit has...
CVE-2025-1228 olajowon Loggrove Logfile Update page path traversal
A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOGMonitor of the component Logfile Update Handler. The manipulation of the argument path leads to path...
Loggrove Path Traversal Vulnerability
Loggrove is a web platform service by the individual developer olajowon. Loggrove has a path traversal vulnerability that originates in the path parameter of /read/?page=1&logfile=LOGMonitor of the Logfile Update Handler component...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
USN-7011-2 clamav vulnerabilities
USN-7011-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...
USN-7011-1 clamav vulnerabilities
It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20505 It was discovered that ClamAV incorrectly handled logfile privileges. A local attacker could use this iss...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : ClamAV vulnerabilities (USN-7011-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7011-1 advisory. It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...
CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability
A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...
CVE-2024-20506
A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...
Fedora 39 : et (2024-94a155818c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-94a155818c advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...
Fedora 38 : et (2024-bd9e67c117)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd9e67c117 advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...
DICOM Connectivity Framework Security Vulnerability
The DICOM Connectivity Framework is an advanced, object-oriented collection of native software components that implements the DICOM protocol for medical imaging systems. A security vulnerability exists in DICOM Connectivity Framework prior to version v.2.7.6b, which stems from a directory travers...
CVE-2022-41761
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...