
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-1934

Malware in sbrugna...

4.6 CVSS | 9.2 AI score | 0.00433 EPSS
Exploits: 0 | References: 8

Snyk
added 2025/07/18 11:44 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the path.join function. An attacker can bypass the path traversal protection and access restricted files by crafting specific path inputs that leverage Windows reserved driver names such as CON, PRN, and AUX. Note...

8.2 CVSS | 7.3 AI score | 0.06002 EPSS
Exploits: 5 | References: 2

OSV
added 2024/05/23 12:9 p.m. | 9 views

CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

5.4 CVSS | 6.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 3

Amazon
added 2024/01/09 12:0 a.m. | 2 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5 CVSS | 6.8 AI score | 0.00318 EPSS
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m. | 3 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5 CVSS | 8.9 AI score | 0.00318 EPSS
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m. | 3 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5 CVSS | 6.8 AI score | 0.00318 EPSS
Exploits: 0

OSV
added 2023/11/09 5:15 p.m. | 1 view

AZL-37513 CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

5.3 CVSS | 6.8 AI score | 0.00035 EPSS
Exploits: 0 | References: 1

OSV
added 2023/11/09 5:15 p.m. | 1 view

DEBIAN-CVE-2023-45284

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

5.3 CVSS | 6.1 AI score | 0.00035 EPSS
Exploits: 0 | References: 1

OSV
added 2022/05/17 3:53 a.m. | 1 view

GHSA-37WM-28RM-56VW Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

6.1 CVSS | 7.2 AI score | 0.00433 EPSS
Exploits: 0 | References: 6

Github Security Blog
added 2022/05/17 3:53 a.m. | 7 views

Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

4.6 CVSS | 6.8 AI score | 0.00433 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2019/05/02 5:18 a.m. | 25 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. Access to reserved names is not restricted in the HudsonPrivateSecurityRealm class when using Jenkins' user database, which allows remote attackers to gain privileges by creating a reserved name...

4.6 CVSS | 7.7 AI score | 0.00433 EPSS
Exploits: 0 | References: 35 | Affected Software: 58

RedHat Linux
added 2016/01/26 7:12 p.m. | 4 views

jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)

It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges...

4.6 CVSS | 7.3 AI score | 0.00433 EPSS
Exploits: 0 | References: 5

NVD
added 2015/10/16 8:59 p.m. | 14 views

CVE-2015-1810

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

4.6 CVSS | 7.6 AI score | 0.00433 EPSS
Exploits: 0 | References: 4

Cvelist
added 2015/10/16 8:0 p.m. | 27 views

CVE-2015-1810

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

7.7 AI score | 0.00433 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2015/09/30 4:35 p.m. | 1 view

jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)

It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges...

4.6 CVSS | 7.3 AI score | 0.00433 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2015/03/02 12:0 a.m. | 22 views

FreeBSD : jenkins -- multiple vulnerabilities (7480b6ac-adf1-443e-a33c-3a3c0becba1e)

Kohsuke Kawaguchi from Jenkins team reports : Description SECURITY-125 Combination filter Groovy script unsecured This vulnerability allows users with the job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. SECURITY-162 directory traversal...

6.4 AI score
Exploits: 0 | References: 2

Cvelist
added 2006/03/02 7:0 p.m. | 18 views

CVE-2006-0384

automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service unresponsiveness or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names"...

7.8 AI score | 0.01873 EPSS
Exploits: 0 | References: 9