32 matches found

RedhatCVE
added 2026/02/23 7:26 a.m. (5 views)

CVE-2026-27480

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00025
Exploits: 1 | References: 1

NVD
added 2026/02/21 10:16 a.m. (4 views)

CVE-2026-27480

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVSS 5.3 | EPSS 0.00025
Exploits: 1 | References: 2

Cvelist
added 2026/02/21 9:14 a.m. (17 views)

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVSS 5.3 | EPSS 0.00025
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/21 9:14 a.m. (3 views)

CVE-2026-27480

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVSS 5.3 | AI score 5.6 | EPSS 0.00025
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/09 9:0 a.m. (9 views)

CVE-2023-29012

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem ha...

CVSS 7.8 | AI score 6.8 | EPSS 0.00111
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 4:32 a.m. (5 views)

CVE-2025-67487

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 8.6 | AI score 6.8 | EPSS 0.00059
Exploits: 0 | References: 1

NVD
added 2025/12/09 4:18 p.m. (1 view)

CVE-2025-67487

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 8.6 | EPSS 0.00059
Exploits: 0 | References: 2

Cvelist
added 2025/12/09 3:35 a.m. (25 views)

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 6.9 | EPSS 0.00059
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/09 12:0 a.m. (1 view)

PT-2025-49798

Name of the Vulnerable Software and Affected Versions: Static Web Server versions 2.40.0 and below. Description: Static Web Server (SWS) is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links (symlinks) from being used to access files and...

CVSS 8.6 | AI score 6.6 | EPSS 0.00059
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. (1 view)

EUVD-2023-32625

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 8.1 | EPSS 0.00111
Exploits: 0 | References: 2

OSV
added 2024/06/15 12:0 a.m. (16 views)

OPENSUSE-SU-2024:12889-1 git-2.40.1-1.1 on GA media

These are all security issues fixed in the git-2.40.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.8 | AI score 6.5 | EPSS 0.03559
Exploits: 2 | References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m. (33 views)

EulerOS Virtualization 3.0.6.0 : git (EulerOS-SA-2023-3431)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,...

CVSS 7.8 | AI score 7 | EPSS 0.03559
Exploits: 2 | References: 4

OpenVAS
added 2023/08/10 12:0 a.m. (14 views)

WordPress Strong Testimonials Plugin < 2.40.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:machothemes:strongtestimonials"; if(description)...

CVSS 6.1 | AI score 6.4 | EPSS 0.00564
Exploits: 5 | References: 1

Tenable Nessus
added 2023/06/08 12:0 a.m. (34 views)

Amazon Linux 2 : git (ALAS-2023-2072)

The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2072 advisory. Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5,...

CVSS 7.8 | AI score 7.9 | EPSS 0.03559
Exploits: 2 | References: 6

Tenable Nessus
added 2023/05/12 12:0 a.m. (35 views)

Fedora 36 : git (2023-003e7d2867)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-003e7d2867 advisory. update to 2.40.1 CVE-2023-25652, CVE-2023-25815, CVE-2023-29007 Refer to the release notes for 2.30.9 for details of each CVE as well as the followi...

CVSS 7.8 | AI score 7 | EPSS 0.03559
Exploits: 2 | References: 4

Tenable Nessus
added 2023/04/30 12:0 a.m. (33 views)

Fedora 37 : git (2023-d84a75ea52)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d84a75ea52 advisory. update to 2.40.1 CVE-2023-25652, CVE-2023-25815, CVE-2023-29007 Refer to the release notes for 2.30.9 for details of each CVE as well as the followi...

CVSS 7.8 | AI score 7 | EPSS 0.03559
Exploits: 2 | References: 4

NCSC
added 2023/04/28 12:0 a.m. (4 views)

Vulnerabilities fixed in Git for Windows

The Git community has fixed vulnerabilities in Git for Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Manipulation of data; Circumvention of security measure; Remote code execution Administrator/Root...

CVSS 7.8 | AI score 8.1 | EPSS 0.03559
Exploits: 2

SUSE CVE
added 2023/04/26 11:17 p.m. (1 view)

SUSE CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 3.3 | AI score 8.7 | EPSS 0.00099
Exploits: 0 | References: 17

OSV
added 2023/04/25 8:15 p.m. (1 view)

ALPINE-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 2.2 | AI score 6.3 | EPSS 0.00099
Exploits: 0 | References: 1

OSV
added 2023/04/25 8:15 p.m. (1 view)

DEBIAN-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 2.2 | AI score 6.3 | EPSS 0.00099
Exploits: 0 | References: 1