7 matches found
CVE-2026-24844
melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...
GHSA-W29M-FJP4-QHMQ Unsafe Identifiers in Opencast
Impact Opencast allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write...
CVE-2020-5230 Opencast uses unsafe identifiers
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...
Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...
Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...
GLSA-200904-07 : Xpdf: Untrusted search path
The remote host is affected by the vulnerability described in GLSA-200904-07 Xpdf: Untrusted search path Erik Wallin reported that Gentoo's Xpdf attempts to read the 'xpdfrc' file from the current working directory if it cannot find a '.xpdfrc' file in the user's home directory. This is caused by...
GLSA-200903-41 : gedit: Untrusted search path
The remote host is affected by the vulnerability described in GLSA-200903-41 gedit: Untrusted search path James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact : A local attacker could entice a user to...