16 matches found

SUSE Linux
added 2026/02/27 3:14 p.m., 4 views

Security update for gpg2

This update for gpg2 fixes the following issues: Security fix: Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data bsc1256389 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

5.9 AI score
Exploits: 0, References: 2

Cvelist
added 2024/11/11 7:22 p.m., 21 views

CVE-2024-51747 Arbitrary File Read and Delete in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its path entry in the projecthasfiles SQLite db...

9.1 CVSS, 0.01447 EPSS
Exploits: 1, References: 1

OpenVAS
added 2024/02/05 12:0 a.m., 27 views

QNAP QTS Multiple Vulnerabilities (QSA-24-02, QSA-24-04, QSA-24-06, QSA-24-07)

QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

7.2 CVSS, 6.7 AI score, 0.54214 EPSS
Exploits: 3, References: 4

NVD
added 2023/02/16 10:15 a.m., 7 views

CVE-2023-0862

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects...

8.8 CVSS, 7.5 AI score, 0.01105 EPSS
Exploits: 0, References: 2

Prion
added 2023/02/16 10:15 a.m., 17 views

Design/Logic Flaw

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects...

6.5 CVSS, 7.1 AI score, 0.01105 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2023/02/16 9:7 a.m., 40 views

CVE-2023-0862

The CVE-2023-0862 entry describes a path-traversal vulnerability in NetModule NSRW web administration interface. Affected NSRW versions: 4.3.0.0 before 4.3.0.119, 4.4.0.0 before 4.4.0.118, 4.6.0.0 before 4.6.0.105, and 4.7.0.0 before 4.7.0.103. Attackers could upload malicious files to the web ro...

8.8 CVSS, 7.5 AI score, 0.01105 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2022/02/24 5:15 p.m., 8 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

4.3 CVSS, 0.00382 EPSS
Exploits: 0, References: 2

Cvelist
added 2022/02/24 5:10 p.m., 13 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

4.3 CVSS, 4.7 AI score, 0.00382 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2022/02/23 4:29 p.m., 27 views

Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349)

Summary There are multiple vulnerabilities in IBM Sterling External Authentication Server detected by internal scans. IBM Sterling External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID: CVE-2022-22333 DESCRIPTION: IBM Sterling Secure Proxy and IB...

6.5 CVSS, 6 AI score, 0.00648 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2017/10/24 6:33 p.m., 30 views

GHSA-85R7-W5MV-C849 Rack Vulnerable to Path Traversal

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3 CVSS, 9.1 AI score, 0.01263 EPSS
Exploits: 0, References: 11

Packet Storm
added 2015/06/30 12:0 a.m., 19 views

CollabNet Subversion Edge Management Show LFI

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via "fileName" parameter of the show action Date: 10.10.2014 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local file...

7.4 AI score
Exploits: 0

NVD
added 2013/02/08 8:55 p.m., 24 views

CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3 CVSS, 6.3 AI score, 0.01263 EPSS
Exploits: 0, References: 10

Prion
added 2013/02/08 8:55 p.m., 19 views

Directory traversal

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3 CVSS, 6.8 AI score, 0.01263 EPSS
Exploits: 0, References: 10, Affected Software: 1

Debian CVE
added 2013/02/08 8:0 p.m., 28 views

CVE-2013-0262

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3 CVSS, 6.4 AI score, 0.01263 EPSS
Exploits: 0

Tenable Nessus
added 2013/01/10 12:0 a.m., 50 views

Google Chrome < 24.0.1312.52 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 24.0.1312.52 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. CVE-2012-5145, CVE-2012-5147,...

10 CVSS, 7.8 AI score, 0.07171 EPSS
Exploits: 2, References: 25

Tenable Nessus
added 2012/01/10 12:0 a.m., 28 views

Google Chrome < 24.0.1312.52 Multiple Vulnerabilities

Binary data 800917.prm...

10 CVSS, 7.7 AI score, 0.07171 EPSS
Exploits: 0, References: 27