48 matches found
CVE-2026-3479
CVE-2026-3479 concerns improper resource-argument validation in pkgutil.get_data(), which can enable path traversal. The DISPUTED description notes the function’s security model is the same as open(), and updated docs clarify there is no vulnerability when following the intended model. Connected ...
EUVD-2014-1943
Malware in sbrugna...
EUVD-2014-1946
Malware in sbrugna...
EUVD-2014-1944
Malware in sbrugna...
EUVD-2015-4367
Malware in sbrugna...
EUVD-2015-6259
Malware in sbrugna...
EUVD-2015-0693
Malware in sbrugna...
EUVD-2011-1039
Malware in sbrugna...
EUVD-2018-0545
Malware in sbrugna...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages lies in the incorrect limitation of file names and other resources, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to incorrect restrictions on file names and other resources. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
CentOS 8 : libreoffice (CESA-2020:4628)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4628 advisory. - libreoffice: 'stealth mode' remote resource restrictions bypass CVE-2020-12802 - libreoffice: forms allowed to be submitted to any URI could result i...
Information Disclosure
libreoffice is vulnerable to information disclosure. The vulnerable exists due to retrieve remote resources which allows an attacker to gain access to information in the file system...
RHEL 8 : libreoffice (RHSA-2020:4628)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4628 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
ALSA-2020:4628 Low: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
Bypassing Device-Resource Restrictions
Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls...
Bypassing Device-Resource Restrictions
Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to wait for a certain amount of time for an OnJsPrompt handler return value as an alternative to correct...