Lucene search
K

159 matches found

Tenable Nessus
Tenable Nessus
added 2022/09/24 12:0 a.m.73 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : permissions (SUSE-SU-2022:3353-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3353-1 advisory. - CVE-2022-31252: Fixed chkstat group controlled paths bsc1203018. Tenable has extracted the preceding...

4.4CVSS5.8AI score0.00139EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/09/20 12:0 a.m.38 views

openSUSE 15 Security Update : permissions (openSUSE-SU-2022:10128-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10128-1 advisory. - A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap...

4.4CVSS5.2AI score0.00139EPSS
Exploits0References4
PyPA
PyPA
added 2022/09/07 7:15 p.m.4 views

PYSEC-2022-43179

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...

7.3CVSS7.4AI score0.00341EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/07 7:15 p.m.23 views

CVE-2022-36070

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...

7.3CVSS0.00341EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.4 views

PT-2022-23158 · Poetry · Poetry

Name of the Vulnerable Software and Affected Versions: Poetry versions prior to 1.1.9 Poetry versions prior to 1.2.0b1 Description: The issue arises from Poetry executing commands like git config using the executable's name instead of its absolute path. This can lead to the execution of untrusted...

7.3CVSS7.2AI score0.00341EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.27 views

Poetry 代码问题漏洞

Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A code issue vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1 that stems from the...

7.3CVSS7.6AI score0.00341EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/09/02 12:0 a.m.2 views

CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

4.4CVSS5.8AI score0.00139EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/04 7:15 p.m.6 views

CVE-2022-0855

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcsplugin prior to 0.0.4...

7.4CVSS6.8AI score0.00973EPSS
Exploits1References3
OSV
OSV
added 2021/10/27 1:28 p.m.6 views

SUSE-SU-2021:3553-1 Security update for Salt

This update fixes the following issues: salt: - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code bsc1190265, CVE-2021-21996 - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories...

7.5CVSS7.7AI score0.03514EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/08/31 12:0 a.m.29 views

CVE-2021-37712 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.2CVSS9.1AI score0.0185EPSS
Exploits0References6
Prion
Prion
added 2021/07/13 1:15 p.m.13 views

Design/Logic Flaw

dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...

4.4CVSS7.5AI score0.00422EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/11/15 3:8 a.m.23 views

Directory Traversal

rack-cors is vulnerable to directory traversal. The vulnerability exists as it does not escape nor resolve the path before evaluating the resource rules, allowing access to files outside the /public folder...

5.3CVSS3.6AI score0.02462EPSS
Exploits0References6Affected Software3
CNVD
CNVD
added 2018/08/17 12:0 a.m.3 views

Pulp Arbitrary File Overwrite Vulnerability

Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. An arbitrary file overwrite vulnerability exists in Pulp version 2.16.x. The vulnerability stems from the program failing to properly resolve paths a...

6.8CVSS6.7AI score0.01067EPSS
Exploits0References1
OSV
OSV
added 2018/07/23 8:40 p.m.30 views

GHSA-4VCM-QFXH-P6C3 Directory Traversal in getcityapi.yoehoehne

Affected versions of getcityapi.yoehoehne resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable syste...

7.5CVSS7.4AI score0.02005EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2016/10/18 12:0 a.m.85 views

PHP 7.0.x < 7.0.12 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...

6.5AI score
Exploits0References1
Cisco
Cisco
added 2010/04/19 8:43 p.m.34 views

Sudo sudoedit Local Command Privilege Escalation Vulnerability

Sudo contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability exists due to an error in the affected software while matching commands due to incorrect path resolution. A local attacker with privileges to...

6CVSS6.8AI score0.00402EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2010/04/16 12:0 a.m.36 views

FreeBSD : sudo -- Privilege escalation with sudoedit (1a9f678d-48ca-11df-85f8-000c29a67389)

Todd Miller reports : Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a './' prefix to commands found in the current working directory. This creates an ambiguity between a 'sudoedit'...

6.9CVSS5.4AI score0.00402EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2010/04/09 12:0 a.m.46 views

sudo -- Privilege escalation with sudoedit

Todd Miller reports: Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a "./" prefix to commands found in the current working directory. This creates an ambiguity between a "sudoedit" comma...

6.9CVSS6.7AI score0.00402EPSS
Exploits2References2
OSV
OSV
added 2009/09/14 4:30 p.m.2 views

DEBIAN-CVE-2009-2813

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote...

6CVSS8.8AI score0.02725EPSS
Exploits2References1
Rows per page
Query Builder