52 matches found
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
Traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
WordPress Plugin Salon booking system 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
DEBIAN-CVE-2024-27009
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...
CVE-2024-27009
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...
UBUNTU-CVE-2024-27009
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...
CVE-2024-27009 s390/cio: fix race condition during online processing
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...
CVE-2024-27009
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...
CVE-2023-52544
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52544
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
SUSE CVE-2021-47176
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...
DEBIAN-CVE-2021-47176
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...
CVE-2021-47176
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...
UBUNTU-CVE-2021-47176
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...
CVE-2021-47176
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...
PT-2024-11223 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a missing discipline function in the s390/dasd component of the Linux kernel. This leads to a crash with an illegal operation exception in dasd device tasklet...
CVE-2022-37865 Apache Ivy allows creating/overwriting any file on the system
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...
Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i metadata$i'type'; 118. 119. if $type == 'file' || $type == 'unix file' 120. 121. $buffer = $this-metadata$i'data'; 122. $path = Path::clean$destination . '/'...
CVE-2020-25846
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...
CVE-2020-25845
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...