RHEL 8 : java-11-openjdk (RHSA-2023:5741)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5741 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJD...
RHEL 9 : java-17-openjdk (RHSA-2023:5752)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5752 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixe...
ALSA-2023:5733 Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433); OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067); OpenJDK: certificate path...
ALSA-2023:5731 Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433); OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067); OpenJDK: certificate path...
CVE-2023-45686
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
CVE-2023-45689
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal...
CVE-2023-45685
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
CVE-2023-45689
CVE-2023-45689 is a path traversal information-disclosure flaw in South River Technologies’ Titan MFT and Titan SFTP servers running on Windows and Linux. The root cause is insufficient path validation in the admin interface, enabling an authenticated user with administrative privileges to read a...
CVE-2023-45688
The CVE-2023-45688 entry concerns South River Technologies' Titan MFT and Titan SFTP servers (Linux) where an authenticated attacker can perform path traversal via FTP SIZE to determine the size of arbitrary files. This is an information-disclosure vulnerability (confidentiality impact); attack v...
CVE-2023-45686
CVE-2023-45686 affects South River Technologies’ Titan MFT and Titan SFTP servers. The root cause is insufficient path validation in WebDAV handling, enabling an authenticated attacker to perform path traversal and write a file to an arbitrary location on the filesystem (Linux). The issue is post...
CVE-2023-45686 Arbitrary file write via WebDAV path traversal in Titan MFT and Titan SFTP servers
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
CVE-2023-45685 Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
CVE-2023-45685
CVE-2023-45685 (and related CVEs 45686–45690) affect South River Technologies Titan MFT and Titan SFTP servers on Windows and Linux. The issues stem from insufficient path validation and path traversal, enabling an authenticated attacker (often with administrative/privileged access) to perform ac...
PT-2023-6114 · A10 · A10 Thunder Adc
Name of the Vulnerable Software and Affected Versions: A10 Thunder ADC affected versions not specified Description: The issue is related to the FileMgmtExport class in the Advanced Core Operating System ACOS of A10 Thunder ADC controllers, where there is improper restriction of a directory path...
PT-2023-6115 · A10 · A10 Thunder Adc
Name of the Vulnerable Software and Affected Versions: A10 Thunder ADC affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. The specific flaw exists within the ShowTechDownloadView class,...
GHSA-GHP8-52VX-77J4 pgAdmin failed to properly control the server code
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
Input validation
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...