
124 matches found

Vulnrichment
added 2026/02/18 8:42 p.m. | 2 views

CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

CVSS 6 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : libtiff-4.0.9-23.el8 (AXSA:2022-4143:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4143:03 advisory. libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file...

CVSS 7.7 | AI score 7 | EPSS 0.00203
Exploits: 9 | References: 10

Tenable Nessus
added 2025/06/16 12:0 a.m. | 5 views

TencentOS Server 4: vim (TSSA-2024:1005)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1005 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.4 | AI score 6.4 | EPSS 0.00475
Exploits: 22 | References: 23

RedhatCVE
added 2025/05/22 4:17 p.m. | 5 views

CVE-2020-1355

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host...

CVSS 7.8 | AI score 8.2 | EPSS 0.00513
Exploits: 0

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-1355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVE-2023-1355 Note that Nessus relies on the presence of the package as reported by the...

CVSS 8.4 | AI score 6.6 | EPSS 0.00028
Exploits: 1 | References: 2

NVD
added 2025/02/16 5:15 p.m. | 14 views

CVE-2025-1355

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. Th...

CVSS 9.8 | EPSS 0.0005
Exploits: 1 | References: 4

Cvelist
added 2025/02/16 5:0 p.m. | 10 views

CVE-2025-1355 needyamin Library Card System Add Picture signup.php unrestricted upload

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. Th...

CVSS 7.5 | EPSS 0.0005
Exploits: 1 | References: 4

Vulnrichment
added 2025/02/16 5:0 p.m. | 9 views

CVE-2025-1355 needyamin Library Card System Add Picture signup.php unrestricted upload

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. Th...

CVSS 7.5 | AI score 6.7 | EPSS 0.0005
Exploits: 1 | References: 4

Circl
added 2025/02/16 8:50 a.m. | 7 views

CVE-2025-1355

creationtimestamp | type | source
---|---|---
2025-02-16 08:50:33+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114012706146462640
2025-02-16 17:15:32+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3licqb3lacs2t
2025-02-16 18:30:13+00:00 | ...

CVSS 9.8 | AI score 7.3 | EPSS 0.0005
Exploits: 1 | References: 6

OSV
added 2024/02/13 7:15 p.m. | 1 views

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

CVSS 9.1 | AI score 5.8 | EPSS 0.00486
Exploits: 0 | References: 4

NVD
added 2024/02/13 7:15 p.m. | 8 views

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

CVSS 9.1 | AI score 9.5 | EPSS 0.00486
Exploits: 0 | References: 4

Vulnrichment
added 2024/02/13 6:51 p.m. | 4 views

CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

CVSS 9.1 | AI score 7.7 | EPSS 0.00486
Exploits: 0 | References: 4

CVE
added 2024/02/13 6:51 p.m. | 79 views

CVE-2024-1355

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

CVSS 9.1 | AI score 9.4 | EPSS 0.00486
Exploits: 0 | References: 4 | Affected Software: 1

Hacker One
added 2024/01/17 11:56 a.m. | 9 views

GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in actions-console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. The vulnerability affected all versio...

CVSS 9.1 | AI score 9.5 | EPSS 0.00486
Exploits: 0

Tenable Nessus
added 2023/08/30 12:0 a.m. | 28 views

SUSE SLES12 Security Update : vim (SUSE-SU-2023:3463-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3463-1 advisory. - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1127 - NULL Pointer Dereference in GitHub repository...

CVSS 8.4 | AI score 6.8 | EPSS 0.00045
Exploits: 6 | References: 19

OpenVAS
added 2023/05/08 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1702)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.7 | AI score 7 | EPSS 0.00092
Exploits: 17 | References: 2

Tenable Nessus
added 2023/05/05 12:0 a.m. | 23 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2023:2103-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2103-1 advisory. - Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1127 - NULL Pointer...

CVSS 8.4 | AI score 6.8 | EPSS 0.00045
Exploits: 3 | References: 10

CBLMariner
added 2023/04/07 4:59 a.m. | 14 views

CVE-2023-1355 affecting package vim 9.0.1247-1

CVE-2023-1355 affecting package vim 9.0.1247-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.4 | AI score 7.4 | EPSS 0.00028
Exploits: 1

Tenable Nessus
added 2023/04/04 12:0 a.m. | 46 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-151)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-151 advisory. A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utfptr2char function of the src/mbyte.c file. This flaw occurs because there is acce...

CVSS 8.4 | AI score 6.9 | EPSS 0.00054
Exploits: 4 | References: 10

Amazon
added 2023/04/04 12:0 a.m. | 46 views

Medium: vim

Issue Overview: A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utfptr2char function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into...

CVSS 8.4 | AI score 7.2 | EPSS 0.00054
Exploits: 4