Lucene search
K

10 matches found

OSV
OSV
added 2026/06/08 11:4 p.m.9 views

GHSA-555P-6GRF-MH7F Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Impact dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes - path separators /, , parent-directory components .., and other filename-hostile characters e.g. : were preserved verbatim and...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/16 3:2 p.m.5 views

CVE-2026-5758

A flaw was found in the protocol-buffers-schema JavaScript library. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into an object's core definition. This could enable an attacker to change how an application behaves, bypass security measures, o...

6.5CVSS5.9AI score0.00534EPSS
Exploits0References5
Atlassian
Atlassian
added 2024/09/09 12:9 p.m.18 views

Risky Deserialization Calls - benryanconversion ( Office Connector Plugin)

The benryanconversion plugin contains a code path that eventually ends up with a partially user-controlled filename being treated as the input for a call to readObject see FileBackedCache.loadFile. To trigger this, an attacker would need to call the following, with a payload in the sheetName...

7.3AI score
Exploits0Affected Software1
OSV
OSV
added 2024/05/06 9:50 a.m.3 views

SUSE-SU-2024:1525-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Convert oscap output to UTF-8 -...

7.7CVSS7.5AI score0.0083EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.4 views

PT-2023-6760

Name of the Vulnerable Software and Affected Versions sudo-rs versions prior to 0.2.1 Description The issue is related to the handling of usernames in sudo-rs, a memory-safe implementation of sudo and su. Usernames containing the . and / characters can result in the corruption of specific files o...

9CVSS7.8AI score0.00571EPSS
Exploits0References27
OSV
OSV
added 2022/01/13 9:15 p.m.3 views

CVE-2022-22988

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to...

9.1CVSS5.8AI score0.00714EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/12/29 12:0 a.m.15 views

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. PoC On Web Servers other than Windows, the...

6.5CVSS2.6AI score0.00599EPSS
Exploits2Affected Software1
OSV
OSV
added 2018/11/05 4:56 p.m.6 views

SUSE-SU-2018:3625-1 Security update for accountsservice

This update for accountsservice fixes the following issues: This security issue was fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in userchangeiconfileauthorizedcb bsc1099699 Thsese non-security issues were fixed: - Don't abort loading users when an...

6.5CVSS6.8AI score0.03086EPSS
Exploits1References5
Kitploit
Kitploit
added 2018/08/15 1:37 p.m.17 views

Raptor WAF v0.5 - Web Application Firewall using DFA

Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal. to run: $ git clone https://github.com/CoolerVoid/raptorwaf $ cd raptorwaf; make; bin/raptor Note: Don't execute with "cd bin; ./raptor" use full path "bin/raptor" look detail...

7.6AI score
Exploits0References3
Oracle linux
Oracle linux
added 2018/07/30 12:0 a.m.49 views

yum-utils security update

1.1.31-46.0.1 - needs-restarting not checking kernel-uek for reboot message Orabug 27189714 - add bug27596617.patch to remove upstream URL reference 1.1.31-46 - reposync: prevent path traversal. - Resolves: bug1600617...

9.3CVSS2.8AI score0.0571EPSS
Exploits0
Rows per page
Query Builder