scitokens 安全漏洞

Scitokens is an open-source science computing token library developed by SciTokens. Versions of Scitokens prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the executor’s use of a simple string comparison when checking whether the resource path in a request was...

MarkUs 安全漏洞

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 contained a security vulnerability due to insufficient file path checking, which could allow arbitrary file writing...

CVE-2019-11120

Insufficient path checking in the installer for IntelR Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...

EUVD-2019-0085

Malware in sbrugna...

EUVD-2019-6761

Malware in sbrugna...

EUVD-2021-20402

Malware in sbrugna...

EUVD-2019-0895

Malware in sbrugna...

EUVD-2019-2824

Malware in sbrugna...

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

CVE-2024-39865

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...

RHEL 8 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mercurial: Path-checking logic bypass via symlinks and subrepositories CVE-2019-3902 Note that Nessus has not teste...

RHEL 7 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The conver...

Amazon Linux 2 : ruby (ALAS-2024-2486)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2486 advisory. A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the...

Ubuntu 16.04 ESM : Mercurial vulnerabilities (USN-5102-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5102-2 advisory. USN-5102-1 fixed vulnerabilities in Mercurial. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2588 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability of...

gnutls security and bug fix update

3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 - fips: extend PCT to DH key generation 2168610 3.7.6-14 - fips: remove library path checking from FIPS integrity check 2149638 - fips: rena...

SUSE CVE-2005-2874

The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...

qpress directory traversal vulnerability

qpress is a patched version of the qpress file archiver program by the individual developer EvgeniyPatlan. A directory traversal vulnerability exists in qpress versions 11.3 and prior to 2022.08.19, which stems from a lack of checking of paths when processing directory requests and can be exploit...

Moodle arbitrary file reading vulnerability

Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an arbitrary file reading vulnerability, which stems from insufficient path checking and can be exploited by...

Ubuntu 18.04 LTS : Mercurial vulnerabilities (USN-5102-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5102-1 advisory. It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the targets...