11 matches found
Directory Traversal
Overview: PyMuPDF is a high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Directory Traversal via the embedded_get function if the derived output path is not supplied with...
Improper Certificate Validation
org.opensearch.dataprepper.plugins, opensearch is vulnerable to Improper Certificate Validation. The vulnerability is due to the plugins defaulting to a “trust-all” SSL configuration when no certificate path is provided, which allows an attacker to perform man-in-the-middle interception and...
SUSE CVE-2024-39719
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...
PT-2024-40181 · Webpack · Webpack
Name of the Vulnerable Software and Affected Versions: Webpack (affected versions not specified). Description: A DOM Clobbering vulnerability was discovered in Webpack's AutoPublicPathRuntimeModule, which can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled...
DEBIAN-CVE-2024-46721
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an...
PT-2024-40065 · Typo3 +1 · Typo3 +1
Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified). Description: The issue allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. This is specifically related to the swiftmailer...
PT-2024-40077 · Unknown · Swiftmailer
Name of the Vulnerable Software and Affected Versions: SwiftMailer versions prior to 5.2.1. Description: The issue allows for arbitrary shell execution if the From header comes from a non-trusted source and no Return-Path is configured. This can be exploited when using the sendmail transport,...
CVE-2022-23853
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file th...
Schneider Electric Trio TView Software suffers from DLL hijacking vulnerability
Schneider Electric Trio TView Software is a virtual diagnostic software. Schneider Electric Trio TView Software suffers from a DLL hijacking vulnerability. The vulnerability is caused by the Trio TView Software application containing a DLL that fails to specify an absolute path, which could b...
RTMPDump librtmp Denial of Service Vulnerability (CNVD-2016-04326)
RTMPDump is a toolkit for working with RTMP, a network protocol used to transmit video and audio data over the Internet. librtmp is one of the libraries that supports the RTMP protocol. A security vulnerability exists in RTMPDump version 2.4 in librtmp version 1.0 in rtmpsrv. An attacker can explo...
Mandriva Update for beagle MDKA-2007:109 (beagle)
Check for the Version of beagle. OpenVAS Vulnerability Test: Mandriva Update for beagle MDKA-2007:109 (beagle). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...