52 matches found
EUVD-2019-2212
Malware in sbrugna...
EUVD-2019-0374
Malware in sbrugna...
EUVD-2018-0529
Malware in sbrugna...
EUVD-2020-17927
Malware in sbrugna...
EUVD-2023-58210
Malicious code in bioql PyPI...
EUVD-2025-0202
Malicious code in bioql PyPI...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...
TencentOS Server 3: icedtea-web (TSSA-2022:0037)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0037 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).
Summary: Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 22 4.2.0.22. Vulnerability Details: CVEID: CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...
Alibaba Cloud Linux 3 : 0037: icedtea-web (ALINUX3-SA-2022:0037)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-10181: It was found that in...
CVE-2024-43399
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
GO-2025-3413 HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug
HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug...
GHSA-WPFP-CM49-9M9Q HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary: HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background: HashiCorp’s go-slug shared library offers functions for...
HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary: HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background: HashiCorp’s go-slug shared library offers functions for...
CVE-2025-0377
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377
CVE-2025-0377 – HashiCorp go-slug: Zip-slip style path traversal during tar extraction when a non-existent user-provided path is processed. This can allow writing arbitrary files during extraction. Remediation: upgrade go-slug to 0.16.3 or later (the advisory notes the fix is included in 0.16.3)...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
PT-2025-3860 · Hashicorp +1 · Go-Slug +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-slug versions prior to 0.16.3 Description: The go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This occurs because the unpacking step improperly...
CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...