
48 matches found

Tenable Nessus
added 2026/04/17 12:0 a.m., 2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ESAPI vulnerabilities (USN-8181-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8181-1 advisory. Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. ...

CVSS 9.8, AI score 5.8, EPSS 0.01032
Exploits: 3, References: 4

Ubuntu
added 2026/04/16 5:56 p.m., 5 views

USN-8181-1: ESAPI vulnerabilities

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,...

CVSS 9.8, AI score 5.8, EPSS 0.01032
Exploits: 3

CNNVD
added 2026/03/23 12:0 a.m., 3 views

Xen security vulnerability

Xen is an open-source virtual machine monitor product developed by Xen. This product allows different and incompatible operating systems to run on the same computer. It also supports migration during runtime, ensuring smooth operation and avoiding downtime. Xen has a security vulnerability, which...

CVSS 7.1, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 5

CNNVD
added 2026/03/02 12:0 a.m., 2 views

ZimaOS security vulnerability

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. Version ZimaOS 1.5.2-beta3 contains a security vulnerability, which stems from the API not properly verifying target paths. This could le...

CVSS 9.9, AI score 5.8, EPSS 0.00092
Exploits: 2, References: 1

CNNVD
added 2026/02/20 12:0 a.m., 3 views

ADB Explorer security vulnerability

ADB Explorer is an ADB user interface developed by Alex B as an individual developer. Versions of ADB Explorer prior to 0.9.26020 contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the integrity or authenticity of the ADB binary path before execution, whi...

CVSS 7.8, AI score 6.1, EPSS 0.00007
Exploits: 0, References: 3

Vulnrichment
added 2025/12/08 12:0 a.m., 1 view

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

AI score 7, EPSS 0.00883
Exploits: 1, References: 1

Positive Technologies
added 2025/12/08 12:0 a.m., 2 views

PT-2025-49559

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.20 Description Emlog Pro 2.5.20 contains a flaw that allows for arbitrary file deletion. This issue is present in the admin/template.php and admin/plugin.php components, which do not properly validate file paths or filter...

CVSS 9.1, AI score 6.9, EPSS 0.00883
Exploits: 1, References: 4

CNNVD
added 2025/11/07 12:0 a.m., 1 view

AstrBot security vulnerability

AstrBot is a multi-platform LLM chatbot and development framework open-sourced by AstrBot. A security vulnerability exists in AstrBot version v3.5.22, which stems from the encodeimagebs64 function not verifying the legitimacy of an image path, which could lead to arbitrary file reads and data lea...

CVSS 6.5, AI score 6.5, EPSS 0.00086
Exploits: 1, References: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988756 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in...

CVSS 5.5, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-3854

Malware in sbrugna...

CVSS 7.5, AI score 7.7, EPSS 0.00593
Exploits: 1, References: 10

Tenable Nessus
added 2025/10/07 12:0 a.m., 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986813)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986813 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in...

CVSS 5.5, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-7292

Malicious code in bioql PyPI...

CVSS 9.1, AI score 8.7, EPSS 0.0048
Exploits: 0, References: 5

Veracode
added 2025/09/30 6:1 p.m., 4 views

Directory Traversal

mobsf is vulnerable to Directory Traversal. The vulnerability is due to improper string path verification using os.path.commonprefix, which allows an attacker to download files outside the intended DWDDIR directory and access data from neighboring directories...

CVSS 5.3, AI score 7, EPSS 0.00199
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2025/05/01 1:54 p.m., 2 views

USN-7474-1 docker.io vulnerabilities

Cory Snider discovered that Docker incorrectly handled networking packet encapsulation. An attacker could use this issue to inject internet packets in established connection, possibly causing a denial of service or bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS, Ubuntu...

CVSS 10, AI score 7, EPSS 0.05701
Exploits: 2, References: 8

Redos
added 2025/04/03 12:0 a.m., 9 views

ROS-20250403-09

Apache Tomcat application server vulnerability is related to accepting input path data as an internal point without verification. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information and execute arbitrary code. unauthorized access to...

CVSS 10, AI score 8.2, EPSS 0.9413
Exploits: 44

RedhatCVE
added 2025/02/04 11:30 p.m., 4 views

CVE-2024-39865

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...

CVSS 8.8, AI score 7.3, EPSS 0.10551
Exploits: 0

RedhatCVE
added 2025/02/04 10:17 p.m., 1 view

CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

CVSS 8.8, AI score 7.3, EPSS 0.00364
Exploits: 0, References: 1

Debian CVE
added 2024/05/23 8:55 a.m., 9 views

CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

CVSS 8.8, AI score 8.7, EPSS 0.00364
Exploits: 0

CVE
added 2024/05/23 8:55 a.m., 296 views

CVE-2024-35186

gitoxide, a pure Rust Git implementation, has a vulnerability in gix-worktree-state where checkout ignores that paths must reside in the working tree. A specially crafted repository can cause new files to be created anywhere writable by the application during clone, impacting confidentiality, int...

CVSS 8.8, AI score 8.7, EPSS 0.00364
Exploits: 0, References: 1

RustSec
added 2024/05/22 12:0 p.m., 3 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

CVSS 8.8, AI score 8, EPSS 0.00364
Exploits: 0, Affected Software: 1