9 matches found
EUVD-2023-29700
Malicious code in bioql PyPI...
CVE-2025-2170
A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location...
CVE-2025-2170
CVE-2025-2170 is a Server-side request forgery (SSRF) affecting the SonicWall SMA1000 Appliance Work Place interface. Under certain conditions a remote unauthenticated attacker could cause the appliance to make requests to an unintended location. SonicWall PSIRT advises upgrading to the latest ho...
SUSE-SU-2024:3163-1 Security update for gradle
This update for gradle fixes the following issues: - CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location. bsc1212930...
GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...
CVE-2023-25804
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
Path traversal
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
Integer overflow in realloc call
Description Integer overflow in realloc and memcpy calls in coreanalgraphlabel. In the process of concatenating source lines based on DWARF data, the resulting size 32bit signed int can overflow. The sizes of the realloc and memcpy calls differ, and potentially can lead to writes in an unintended...
JVN#62171179 Kiri directory traversal vulnerability
Impact If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location. Solution Products Affected Kiri ver9-2006 Kiri ver9-2005 Kiri ver9-2004...