19 matches found
Astra Linux - vulnerability in Firefox
An attacker with temporary script access to a website could have set a cookie containing invalid characters using document.cookie, which could lead to unknown errors. This vulnerability affects Firefox versions earlier than 119...
Exploit for CVE-2026-30332
CVE-2026-30332 Description A Time-of-Check to Time-of-Use...
PT-2026-4296
Name of the Vulnerable Software and Affected Versions: Rufus versions 4.11 and below. Description: Rufus, a utility for formatting and creating bootable USB flash drives, contains a time-of-check to time-of-use (TOCTOU) race condition in the src/net.c file. This occurs during the creation, validation,...
OS Command Injection
Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...
CVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...
CVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...
EUVD-2019-14002
Malware in sbrugna...
EUVD-2025-10672
Malicious code in bioql PyPI...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
CVE-2025-24375
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary...
CVE-2025-24375
The CVE-2025-24375 entry concerns the Charmed MySQL K8s operator (and machine operator) with credential leakage risk. Root cause: the operator calls the mysql-shell/DDL scripts by writing a temporary script file containing full URIs with user credentials, created with read permissions (0644); unp...
MySQL K8s operator security vulnerability
MySQL K8s operator is a Canonical open source character operator for running MySQL on Kubernetes. A security vulnerability exists in versions prior to MySQL K8s operator 221, which stems from improperly set permissions on a temporary script file that could lead to the disclosure of database user...
IBM Cloud Orchestrator Information Disclosure Vulnerability (CNVD-2019-39200)
IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. An...
CVE-2019-4395
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333...
CVE-2019-4395
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333...
CVE-2019-4395
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333...
Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4395)
Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2019-4395 DESCRIPTION: IBM Cloud Orchestrator could allow a local user to obtain sensitive information from temporary script files. CVSS Base Score: 4 CVSS...
Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24215)
Private Internet Access (PIA) is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access (PIA) VPN client version 82 for macOS. A local, unprivileged user can exploit this vulnerability by modifying...
Scientific Linux Security Update : openldap on SL5.x i386/x86_64
A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the...