18 matches found
Astra Linux - vulnerability in dpkg
In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...
EUVD-2025-27474
Malicious code in bioql PyPI...
CVE-2025-58753
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the shr global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
CVE-2025-58753
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the shr global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
CVE-2025-58753 copyparty: Sharing a single file does not fully restrict access to other files in source folder
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the shr global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
CVE-2025-58753 copyparty: Sharing a single file does not fully restrict access to other files in source folder
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the shr global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
CVE-2025-58753
Copyparty vulnerability CVE-2025-58753 affects the Copyparty portable file server. The issue is a missing permission check in the shares feature (shr global option) that allowed access to other files in the same folder when a share was created for a single file, by guessing filenames. Subdirector...
CVE-2025-58753 copyparty: Sharing a single file does not fully restrict access to other files in source folder
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the shr global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the shr global-option. An attacker can access unauthorized sibling files within a shared folder by guessing their filenames. Remediation Upgrade copyparty to version 1.19.8 or higher. References - GitHub Commit...
PT-2025-36951
Name of the Vulnerable Software and Affected Versions: Copyparty versions prior to 1.19.8 Description: Copyparty is a portable file server. A missing permission-check in the shares feature (shr global-option) allowed access to sibling files within a shared folder by guessing filenames when a share...
Security fix for the ALT Linux 10 package golang version 1.19.8-alt1
1.19.8-alt1 built April 10, 2023 Alexey Shabalin in task 318045 April 4, 2023 Alexey Shabalin - New version 1.19.8 Fixes: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538...
AZL-13738 CVE-2022-41722 affecting package msft-golang for versions less than 1.19.8-1
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...
dpkg path traversal vulnerability
dpkg is a package management tool for Debian. A path traversal vulnerability exists in dpkg, which stems from a directory traversal issue. The following products and versions are affected: 1.21.8, 1.20.10, 1.19.8, 1.18.26...
Debian: Security Advisory (DSA-5147-1)
The remote host is missing an update for the Debian...
UBUNTU-CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...
PT-2022-13299 · Uri.Js · Uri.Js
Name of the Vulnerable Software and Affected Versions: urijs versions prior to 1.19.8 Description: The issue allows an attacker to bypass authorization through a user-controlled key. Specifically, it is possible to use case-insensitive protocol schemes, such as HTTP, htTP, HTtp, etc., to bypass...
urijs security vulnerability
urijs is a JavaScript URL mutation library. A security vulnerability exists in urijs prior to 1.19.8, which stems from an authorization bypass through a user-controlled key...
Debian Security Advisory DSA 2753-1 (mediawiki - information leak)
It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential...