7 matches found
GHSA-555P-6GRF-MH7F Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
Impact dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes - path separators /, , parent-directory components .., and other filename-hostile characters e.g. : were preserved verbatim and...
CVE-2026-5758
A flaw was found in the protocol-buffers-schema JavaScript library. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into an object's core definition. This could enable an attacker to change how an application behaves, bypass security measures, o...
Risky Deserialization Calls - benryanconversion ( Office Connector Plugin)
The benryanconversion plugin contains a code path that eventually ends up with a partially user-controlled filename being treated as the input for a call to readObject see FileBackedCache.loadFile. To trigger this, an attacker would need to call the following, with a payload in the sheetName...
PT-2023-6760
Name of the Vulnerable Software and Affected Versions sudo-rs versions prior to 0.2.1 Description The issue is related to the handling of usernames in sudo-rs, a memory-safe implementation of sudo and su. Usernames containing the . and / characters can result in the corruption of specific files o...
Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. PoC On Web Servers other than Windows, the...
Raptor WAF v0.5 - Web Application Firewall using DFA
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal. to run: $ git clone https://github.com/CoolerVoid/raptorwaf $ cd raptorwaf; make; bin/raptor Note: Don't execute with "cd bin; ./raptor" use full path "bin/raptor" look detail...
yum-utils security update
1.1.31-46.0.1 - needs-restarting not checking kernel-uek for reboot message Orabug 27189714 - add bug27596617.patch to remove upstream URL reference 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug1600617...