22 matches found
Huawei EulerOS: Security Advisory for librsvg2 (EulerOS-SA-2026-1051)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Huawei EulerOS: Security Advisory for librsvg2 (EulerOS-SA-2026-1030)
The remote host is missing an update for the Huawei EulerOS...
TencentOS Server 4: librsvg2 (TSSA-2025:0073)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0073 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2023-38633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem...
Librsvg: Arbitrary File Read
Background: Librsvg is a library to render SVG files using cairo as a rendering engine. Description: A directory traversal problem in the URL decoder of librsvg could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by...
GLSA-202408-14 : Librsvg: Arbitrary File Read
The remote host is affected by the vulnerability described in GLSA-202408-14 (Librsvg: Arbitrary File Read). A directory traversal problem in the URL decoder of librsvg could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated ...
EulerOS 2.0 SP11 : librsvg2 (EulerOS-SA-2023-3035)
According to the versions of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the...
Updated librsvg packages fix security vulnerability
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVE-2023-3863...
Debian: Security Advisory (DSA-5484-1)
The remote host is missing an update for the Debian... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Debian DSA-5484-1 : librsvg - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5484 advisory. Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files whe...
CVE-2023-38633
A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
Directory traversal
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
CVE-2023-38633
CVE-2023-38633 relates to a directory traversal in the URL decoder of librsvg up to version 2.56.3. The vulnerability could allow local or remote attackers to disclose files on the local filesystem outside the intended area, demonstrated via href=".?../../../../../../../../../../etc/passwd" in an...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
SUSE CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...
Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. [Figure 1: Top 10 affected industries] Numerous...