Lucene search
K

48 matches found

CVE
CVE
added 2026/03/18 6:13 p.m.19 views

CVE-2026-3479

CVE-2026-3479 concerns improper resource-argument validation in pkgutil.get_data(), which can enable path traversal. The DISPUTED description notes the function’s security model is the same as open(), and updated docs clarify there is no vulnerability when following the intended model. Connected ...

5.8AI score0.00238EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-1943

Malware in sbrugna...

7.5CVSS6.4AI score0.11208EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-1946

Malware in sbrugna...

7.5CVSS6.4AI score0.08196EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-1944

Malware in sbrugna...

7.5CVSS6.4AI score0.11683EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-4367

Malware in sbrugna...

5CVSS6.4AI score0.01439EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-6259

Malware in sbrugna...

6.8CVSS6.6AI score0.01455EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-0693

Malware in sbrugna...

4CVSS6.4AI score0.01327EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-1039

Malware in sbrugna...

2.1CVSS6AI score0.00386EPSS
Exploits0References28
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0545

Malware in sbrugna...

9.8CVSS7.3AI score0.06363EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2025/06/12 12:0 a.m.6 views

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages lies in the incorrect limitation of file names and other resources, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to incorrect restrictions on file names and other resources. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...

8.4CVSS5.8AI score0.00465EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.41 views

CentOS 8 : libreoffice (CESA-2020:4628)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4628 advisory. - libreoffice: 'stealth mode' remote resource restrictions bypass CVE-2020-12802 - libreoffice: forms allowed to be submitted to any URI could result i...

6.5CVSS6.4AI score0.01944EPSS
Exploits0References3
Veracode
Veracode
added 2020/11/05 3:18 a.m.28 views

Information Disclosure

libreoffice is vulnerable to information disclosure. The vulnerable exists due to retrieve remote resources which allows an attacker to gain access to information in the file system...

5.3CVSS5.6AI score0.01944EPSS
Exploits0References9Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/11/04 12:0 a.m.25 views

RHEL 8 : libreoffice (RHSA-2020:4628)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4628 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

6.5CVSS6.6AI score0.01944EPSS
Exploits0References12
OSV
OSV
added 2020/11/03 12:21 p.m.23 views

ALSA-2020:4628 Low: libreoffice security, bug fix, and enhancement update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

6.5CVSS6.3AI score0.01944EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2018/10/19 4:16 p.m.42 views

Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS6.1AI score0.06363EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2017/04/13 2:59 p.m.36 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS9.4AI score0.06363EPSS
Exploits0References6
OSV
OSV
added 2017/04/13 2:59 p.m.23 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS6.9AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2017/04/13 2:59 p.m.21 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS6.9AI score0.06363EPSS
Exploits0References2
Veracode
Veracode
added 2017/02/02 4:46 a.m.23 views

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls...

7.5CVSS6.1AI score0.11683EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2017/01/31 6:21 a.m.18 views

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to wait for a certain amount of time for an OnJsPrompt handler return value as an alternative to correct...

7.5CVSS6.2AI score0.11208EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder