Lucene search
K

187 matches found

OSV
OSV
added 2025/05/26 2:15 p.m.5 views

ALPINE-CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

2CVSS6.6AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.6 views

GNU Screen 安全漏洞

GNU Screen is an application from the American GNU community. It provides the effect of getting multiple virtual terminals on one physical terminal. GNU Screen suffers from an information disclosure vulnerability that can be exploited by attackers to infer path information...

3.3CVSS6AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/21 8:10 p.m.4 views

CVE-2005-1570

forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability...

5CVSS7.7AI score0.01178EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/10 8:19 p.m.23 views

CVE-2025-21197

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...

6.5CVSS6.3AI score0.02947EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 3:55 a.m.5 views

CVE-2024-27901

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application...

7.2CVSS6.5AI score0.00726EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 1:49 p.m.23 views

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition (CVE-2023-50310 and CVE-2023-50311).

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50311 DESCRIPTION: IBM CICS Transaction Gateway could...

7.5CVSS5.2AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 3:46 p.m.42 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway (CVE-2023-50310, CVE-2023-50311)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50310 DESCRIPTION: IBM CICS...

7.5CVSS5.3AI score0.0039EPSS
Exploits0Affected Software2
UbuntuCve
UbuntuCve
added 2024/06/20 12:0 a.m.24 views

CVE-2024-6162

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS6.9AI score0.01702EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/31 12:0 a.m.7 views

PT-2024-13898 · Ibm · Ibm Cics Transaction Gateway For Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM CICS Transaction Gateway for Multiplatforms versions 9.2 through 9.3 Description: The issue could disclose sensitive path information to an attacker through debugging or error messages. It also involves the transmission or storage of...

4.9CVSS6.7AI score0.00322EPSS
Exploits0References6
NVD
NVD
added 2023/12/12 1:15 a.m.23 views

CVE-2023-49058

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...

5.3CVSS0.00625EPSS
Exploits0References2
OSV
OSV
added 2023/12/05 6:15 p.m.24 views

GHSA-H56G-GQ9V-VC8R jupyter-server errors include tracebacks with path information

Impact Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has...

4.3CVSS4.2AI score0.00841EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/12/05 6:15 p.m.17 views

jupyter-server errors include tracebacks with path information

Impact Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has...

4.3CVSS7AI score0.00841EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2023/12/05 7:3 a.m.17 views

Information Disclosure

jupyterserver is vulnerable to Information Disclosure. An information disclosure flaw exists due to unhandled errors in API requests. While not directly allowing unauthorized access, these errors may leak sensitive path information in responses, potentially revealing sensitive server details to...

4.3CVSS6.1AI score0.00841EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2023/12/04 9:0 p.m.36 views

CVE-2023-49080 Jupyter Server errors include tracebacks with path information

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

3.5CVSS4.9AI score0.00841EPSS
Exploits0References4
NVD
NVD
added 2023/03/14 6:15 a.m.17 views

CVE-2023-27501

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete...

9.6CVSS8.9AI score0.00974EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:27 p.m.40 views

K17453: Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187

Security Advisory Description CVE-2015-0248 The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revisi...

5CVSS7.3AI score0.12841EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-1349

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

5CVSS6.8AI score0.10111EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.3 views

SUSE CVE-2008-2783

Multiple cross-site scripting XSS vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to 1 week.php, 2 workweek.php, and 3 day.php; and 4 the horde parameter in the PATHINFO to the...

4.3CVSS5.9AI score0.01505EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.3 views

SUSE CVE-2009-3701

Multiple cross-site scripting XSS vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1...

4.3CVSS6AI score0.04832EPSS
Exploits8References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.5 views

SUSE CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3CVSS7AI score0.02952EPSS
Exploits0References6
Rows per page
Query Builder