Lucene search
K

52 matches found

Debian CVE
Debian CVE
added 2024/05/23 8:55 a.m.10 views

CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8CVSS8.7AI score0.00816EPSS
Exploits0
RustSec
RustSec
added 2024/05/22 12:0 p.m.8 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8CVSS8AI score0.00816EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.6 views

WordPress Plugin Salon booking system 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

9.1CVSS6.8AI score0.01236EPSS
Exploits0References4
OSV
OSV
added 2024/05/01 6:15 a.m.2 views

DEBIAN-CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...

4.7CVSS6.1AI score0.00175EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.23 views

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...

4.7CVSS6.2AI score0.00175EPSS
Exploits0References19
OSV
OSV
added 2024/05/01 6:15 a.m.5 views

UBUNTU-CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...

4.7CVSS6.1AI score0.00175EPSS
Exploits0References20
Vulnrichment
Vulnrichment
added 2024/05/01 5:29 a.m.16 views

CVE-2024-27009 s390/cio: fix race condition during online processing

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...

6.8AI score0.00175EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/05/01 5:29 a.m.27 views

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...

4.7CVSS7.2AI score0.00175EPSS
Exploits0
OSV
OSV
added 2024/04/08 9:15 a.m.4 views

CVE-2023-52544

Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4.3CVSS5.8AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/08 8:52 a.m.12 views

CVE-2023-52544

Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.9AI score0.00323EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/03/27 4:25 a.m.3 views

SUSE CVE-2021-47176

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...

5.5CVSS7.7AI score0.00222EPSS
Exploits0References5
OSV
OSV
added 2024/03/25 10:15 a.m.3 views

DEBIAN-CVE-2021-47176

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...

5.5CVSS5.5AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/03/25 10:15 a.m.6 views

CVE-2021-47176

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...

5.5CVSS6.4AI score0.00222EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/25 10:15 a.m.4 views

UBUNTU-CVE-2021-47176

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...

5.5CVSS6.6AI score0.00222EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/03/25 12:0 a.m.39 views

CVE-2021-47176

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...

5.5CVSS6.3AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.7 views

PT-2024-11223 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a missing discipline function in the s390/dasd component of the Linux kernel. This leads to a crash with an illegal operation exception in dasd device tasklet...

7.8CVSS6.5AI score0.01549EPSS
Exploits5References802
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.7 views

CVE-2022-37865 Apache Ivy allows creating/overwriting any file on the system

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...

9AI score0.01819EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2022/03/30 12:0 a.m.262 views

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal

------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i metadata$i'type'; 118. 119. if $type == 'file' || $type == 'unix file' 120. 121. $buffer = $this-metadata$i'data'; 122. $path = Path::clean$destination . '/'...

0.1AI score0.02007EPSS
Exploits3
OSV
OSV
added 2020/12/31 8:15 a.m.2 views

CVE-2020-25846

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

7.4CVSS7.1AI score0.00962EPSS
Exploits0References1
OSV
OSV
added 2020/12/31 8:15 a.m.5 views

CVE-2020-25845

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

7.4CVSS7.1AI score0.00962EPSS
Exploits0References1
Rows per page
Query Builder