
72 matches found

CNNVD
added 2026/03/31 12:00 a.m. | 5 views

scitokens security vulnerability

Scitokens is an open-source science computing token library developed by SciTokens. Versions of Scitokens prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the executor’s use of a simple string comparison when checking whether the resource path in a request was...

8.1 CVSS | 5.8 AI score | 0.00272 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/02/09 12:00 a.m. | 6 views

MarkUs security vulnerability

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 contained a security vulnerability due to insufficient file path checking, which could allow arbitrary file writing...

9.1 CVSS | 5.9 AI score | 0.00469 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 10:11 a.m. | 5 views

CVE-2019-11120

Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS | 7.1 AI score | 0.00337 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0895

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.00349 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-2824

Malware in sbrugna...

7.8 CVSS | 7.6 AI score | 0.00337 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-0085

Malware in sbrugna...

5.9 CVSS | 5.8 AI score | 0.01413 EPSS
Exploits: 0 | References: 11
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-20402

Malware in sbrugna...

9.1 CVSS | 9.1 AI score | 0.00999 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-6761

Malware in sbrugna...

6.5 CVSS | 6.1 AI score | 0.03289 EPSS
Exploits: 0 | References: 23
RedhatCVE
added 2025/05/22 8:08 a.m. | 7 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

4.3 CVSS | 6.5 AI score | 0.00788 EPSS
Exploits: 0 | References: 1
NVD
added 2024/07/09 12:15 p.m. | 26 views

CVE-2024-39865

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...

8.8 CVSS | 0.00447 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2024/06/03 12:00 a.m. | 21 views

RHEL 8 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mercurial: Path-checking logic bypass via symlinks and subrepositories CVE-2019-3902 Note that Nessus has not teste...

5.9 CVSS | 7 AI score | 0.01413 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2024/05/11 12:00 a.m. | 27 views

RHEL 7 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The conver...

8.6 AI score | 0.06331 EPSS
Exploits: 0 | References: 3
BDU FSTEC
added 2024/03/18 12:00 a.m. | 4 views

The vulnerability of the software file loading function of the Cisco AppDynamics Controller allows a perpetrator to gain access to protected information.

The vulnerability of the software file loading function of the Cisco AppDynamics Controller is related to deficiencies in path name checking for the directory. Exploiting this vulnerability could allow an attacker operating remotely to gain access to protected information...

6.8 CVSS | 6.6 AI score | 0.02155 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2024/03/05 12:00 a.m. | 69 views

Amazon Linux 2 : ruby (ALAS-2024-2486)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2486 advisory. A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the...

8.1 CVSS | 7.5 AI score | 0.05086 EPSS
Exploits: 2 | References: 12
Tenable Nessus
added 2023/10/20 12:00 a.m. | 33 views

Ubuntu 16.04 ESM : Mercurial vulnerabilities (USN-5102-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5102-2 advisory. USN-5102-1 fixed vulnerabilities in Mercurial. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

9.1 CVSS | 6.8 AI score | 0.02033 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2023/08/07 12:00 a.m. | 38 views

AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2588 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability of...

8.1 CVSS | 6.9 AI score | 0.06811 EPSS
Exploits: 2 | References: 11
BDU FSTEC
added 2023/05/22 12:00 a.m. | 4 views

The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform allows a hacker to escape from the isolated software environment and elevate their privileges to the root level.

The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform relates to deficiencies in the name checking of paths to restricted directories. Exploiting this vulnerability could allow an attacker to exit from an isolated software environment and...

6.2 CVSS | 6.6 AI score | 0.00221 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Oracle linux
added 2023/03/08 12:00 a.m. | 36 views

gnutls security and bug fix update

3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 - fips: extend PCT to DH key generation 2168610 3.7.6-14 - fips: remove library path checking from FIPS integrity check 2149638 - fips: rena...

7.4 CVSS | 7.7 AI score | 0.01403 EPSS
Exploits: 1
SUSE CVE
added 2023/02/15 6:17 a.m. | 3 views

SUSE CVE-2005-2874

The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "...." URL in an HTTP request...

5 CVSS | 6.8 AI score | 0.02969 EPSS
Exploits: 1 | References: 3
CNVD
added 2022/11/25 12:00 a.m. | 21 views

qpress directory traversal vulnerability

qpress is a patched version of the qpress file archiver program by the individual developer EvgeniyPatlan. A directory traversal vulnerability exists in qpress versions 11.3 and prior to 2022.08.19, which stems from a lack of checking of paths when processing directory requests and can be exploit...

5.3 CVSS | 4.9 AI score | 0.01299 EPSS
Exploits: 1 | References: 1