15 matches found
CVE-2026-35345 uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
CVE-2026-35345
CVE-2026-35345 concerns the tail utility in uutils coreutils. The vulnerability arises with the --follow=name option: the implementation continues watching a path after it has been replaced by a symlink and then outputs the contents of the link’s target. In environments where a privileged user mo...
CRLF Injection
Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the name configuration configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and...
CRLF Injection
Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the name configuration configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and line feed...
curl: Directory Traversal Vulnerability in cURL via Content-Disposition Header Processing
Vulnerability Description The parsefilename function in src/toolcbhdr.c does not adequately validate and sanitize filenames extracted from HTTP Content-Disposition headers, allowing directory traversal attacks when the -O remote-name and -J remote-header-name options are used together. Vulnerable...
EUVD-2014-0386
Malware in sbrugna...
SUSE-SU-2025:01807-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: - Enable memory accounting as SUSE disables it by default bsc1241016. - Fix dsidm service getdn option failing...
GHSA-3965-HPX2-Q597 Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBDOPTINFO,...
DEBIAN-CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBDOPTINFO,...
CVE-2020-15779
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...
DEBIAN-CVE-2011-2716
The DHCP client udhcpc in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the 1 HOSTNAME, 2 DOMAINNAME, 3 NISDOMAIN, and 4 TFTPSERVERNAME host name options...
busybox: udhcpc insufficient checking of DHCP options
The DHCP client udhcpc in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the 1 HOSTNAME, 2 DOMAINNAME, 3 NISDOMAIN, and 4 TFTPSERVERNAME host name options...
busybox: udhcpc insufficient checking of DHCP options
The DHCP client udhcpc in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the 1 HOSTNAME, 2 DOMAINNAME, 3 NISDOMAIN, and 4 TFTPSERVERNAME host name options...
Joomla Component com_easygallery Persistent XSS Vulnerability
Exploit for php platform in category web applications =================================================== Joomla comeasygallery Persistent XSS Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ ...