44 matches found
GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients
Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...
OpenClaw skills.status could leak secrets to operator.read clients
Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...
MiracleLinux 7 : git-1.8.3.1-25.0.4.el7.AXS7 (AXSA:2025-10662:11)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10662:11 advisory. CVE-2025-48384: config: quote values containing CR character CVEs: CVE-2025-48384 Git is a fast, scalable, distributed revision control system with an...
PT-2025-52259
Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 1.0.12 Description In deployments utilizing the Certificate Signing Extension, encrypted configuration values, potentially including an Azure Key Vault-related key, could be disclosed to unauthenticated users vi...
EulerOS 2.0 SP12 : git (EulerOS-SA-2025-2035)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
CLSA-2025-1753207140 Fix CVE(s): CVE-2025-48384
SECURITY UPDATE: security vulnerability discovered - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintentional stripping when reading - CVE-2025-48384...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
SUSE CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
Git 安全漏洞
Git is a free, open source distributed version control system open-sourced by Git. A security vulnerability exists in Git that stems from improper handling of trailing carriage returns when processing configuration values, which could allow submodules to be incorrectly detected in a hook director...
CVE-2024-52792
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
DEBIAN-CVE-2024-52792
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
UBUNTU-CVE-2024-52792
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-52792 Arbitrary config values override in lam
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-52792 Arbitrary config values override in lam
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-52792 Arbitrary config values override in lam
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
Cloudflare Public Bug Bounty: Extraction of Pages build scripts, config values, tokens, etc. via symlinks
A vulnerability was discovered in Pages build scripts that allowed malicious actors to extract build source/configuration and environment variables via symlinks due to broader permission set on certain folders within the filesystem structure. The issue was remediated by tightening permissions on...
CVE-2022-26026
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...