20 matches found
CVE-2022-1285
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
CVE-2021-4299
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to versi...
PT-2023-12403 · Unknown · Cronvel String-Kit
Name of the Vulnerable Software and Affected Versions: cronvel string-kit versions up to 0.12.7 Description: A problematic issue was found in the naturalSort function of the lib/naturalSort.js file, leading to inefficient regular expression complexity. The attack can be initiated remotely...
Gogs < 0.12.8 RCE Vulnerability
Gogs is prone to a remote command execution (RCE) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
Gogs Security Vulnerability
Gogs (Go Git Service) is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.12.8, which...
PT-2022-14171 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs/gogs versions =0.12.7 Description: A remote command execution issue exists due to improper validation of the tree path parameter during file uploads. An attacker can upload a file into the .git directory by setting tree path=.git.,...
Gogs < 0.12.8 SSRF Vulnerability
Gogs is prone to a server-side request forgery (SSRF) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
OS Command Injection in gogs
Impact: The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled (default) are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...
Gogs server request forgery vulnerability
Gogs (Go Git Service) is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, etc. A server-side request forgery vulnerability exists in versions prior to Gogs 0.12.8, for which...
CVE-2022-1285
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
CVE-2022-1285 Server-Side Request Forgery (SSRF) in gogs/gogs
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
PT-2022-13774 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.8 Description: The issue is related to a Server-Side Request Forgery (SSRF) in the GitHub repository gogs/gogs. This allows a malicious user to discover services in the internal network through webhook...
Gogs Code Issue Vulnerability
Gogs (Go Git Service) is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, etc. A server-side request forgery vulnerability exists in versions prior to Gogs 0.12.8, for which...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
PT-2020-16990 · Hashicorp +1 · Nomad +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.7 Description: The client Docker file sandbox feature in HashiCorp Nomad and Nomad Enterprise may be subverted when not explicitly disabled or when using a volume mount type. Th...
[SECURITY] [DSA 4375-1] spice security update
Debian Security Advisory DSA-4375-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2019 https://www.debian.org/security/faq -...
spice security update
0.12.8-2.1 - Redo build properly versioned as a zstream build Related: CVE-2017-7506 0.12.8-3 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506...
Fedora 10 : gupnp-0.12.8-1.fc10 (2009-5861)
New upstream release that fixes a bug where the gupnp stack crashes when passed empty content ChangeLog here http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6 Bug report here http://bugzilla.openedhand.com/showbug.cgi?id=1604 Other bugs fixed here. -...
Fedora 11 : gupnp-0.12.8-1.fc11 (2009-5865)
New upstream release that fixes a bug where the gupnp stack crashes when passed empty content ChangeLog here http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6 Bug report here http://bugzilla.openedhand.com/showbug.cgi?id=1604 Other bugs fixed here. -...