Lucene search

74 matches found

ATTACKERKB
added 2022/07/01 8:0 p.m. | 1 view

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVSS: 10 | AI score: 7.2 | EPSS: 0.04697
Exploits: 1 | References: 3

Snyk
added 2022/05/02 8:16 a.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. PoC: js echo 'console.log/AB|C++D/.test"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX"' | npx terser -mc unsafe=true Details: Denial of Service (DoS) describes a...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.03719
Exploits: 1 | References: 2

GitLab Advisory Database
added 2022/04/08 12:0 a.m. | 5 views

Insecure temporary file usage in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.00486
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2022/03/28 10:43 a.m. | 2 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview: git-clone: Clone a git repository. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...

CVSS: 10 | AI score: 6.7 | EPSS: 0.04697
Exploits: 1 | References: 2

Metasploit
added 2022/02/17 5:42 p.m. | 424 views

Unauthenticated remote code execution in Ignition

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. Module Options msf use...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.94287
Exploits: 36

Packet Storm
added 2022/02/16 12:0 a.m. | 749 views

Ignition Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated remote code execution in Ignition', 'Description' = %q Ignition before 2.5.2, as used in Laravel and other products, allows...

CVSS: 9.8 | EPSS: 0.94287
Exploits: 36

OpenVAS
added 2022/01/28 12:0 a.m. | 8 views

Mageia: Security Advisory (MGASA-2017-0154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.0005
Exploits: 0 | References: 4

NVD
added 2021/11/30 10:15 a.m. | 8 views

CVE-2021-3726

Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...

CVSS: 9.8 | EPSS: 0.00444
Exploits: 0 | References: 1

OpenVAS
added 2021/06/09 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2015:0834-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 3.3 | AI score: 8.2 | EPSS: 0.00117
Exploits: 0 | References: 5

Veracode
added 2021/05/02 3:3 a.m. | 18 views

Insecure Usage Of Boot Loader Addresses

Das U-Boot has an insecure usage of addresses in boot loader. The boot loader in Das U-Boot mishandles the use of unit addresses in a FIT...

CVSS: 7.8 | AI score: 1.5 | EPSS: 0.00059
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2021/03/29 8:23 p.m. | 142 views

Unauthenticated remote code execution in Ignition

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.94287
Exploits: 36 | References: 9 | Affected Software: 1

Veracode
added 2020/11/12 2:6 a.m. | 15 views

Regular Expression Denial Of Service (ReDoS)

express-validators is vulnerable to Regular Expression Denial of Service ReDoS. An attacker is able to crash the application via a malicious URL due to the insecure usage of regex to validate URLs...

CVSS: 5.3 | AI score: 3 | EPSS: 0.00363
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2020/10/19 5:34 a.m. | 21 views

Arbitrary Code Execution

blazar-dashboard is vulnerable to arbitrary code execution. An insecure usage of the eval function allows a user to execute arbitrary code on the Horizon host...

CVSS: 9.9 | AI score: 3.1 | EPSS: 0.01515
Exploits: 0 | References: 9 | Affected Software: 1

Github Security Blog
added 2020/03/13 8:4 p.m. | 98 views

python-docutils allows insecure usage of temporary files

python-docutils allows insecure usage of temporary files...

CVSS: 9.1 | AI score: 9.2 | EPSS: 0.00372
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2020/03/02 7:37 a.m. | 8 views

Timing Attack

antonioribeiro/google2fa is vulnerable to timing attacks. This vulnerability is possible because of the insecure usage of == during the user specified key comparison in verifyKey function in Google2FA.php which may lead to an information disclosure...

AI score: 3
Exploits: 0

PyPA
added 2019/10/31 4:15 p.m. | 5 views

PYSEC-2019-176

python-docutils allows insecure usage of temporary files...

CVSS: 9.1 | AI score: 7 | EPSS: 0.00372
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/10/31 3:40 p.m. | 21 views

CVE-2009-5042

python-docutils allows insecure usage of temporary files...

AI score: 9.3 | EPSS: 0.00372
Exploits: 0 | References: 1

Veracode
added 2019/09/17 1:33 a.m. | 22 views

Information Disclosure

tapestry-core is vulnerable to information disclosure. The vulnerability exists due to the insecure usage of .equals for comparing hashes, allowing attackers to determine the correct signature for the payload...

CVSS: 9.8 | AI score: 2.6 | EPSS: 0.09816
Exploits: 1 | References: 11 | Affected Software: 1

Debian
added 2017/07/21 7:5 p.m. | 29 views

[SECURITY] [DSA 3916-1] atril security update

Debian Security Advisory DSA-3916-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 21, 2017 https://www.debian.org/security/faq ...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.76136
Exploits: 9

CVE
added 2017/05/15 2:0 p.m. | 79 views

CVE-2017-8934

PCManFM 1.2.5 insecurely uses /tmp for a socket file, enabling a local attacker to cause a denial of service (application unavailability). Multiple connected advisories confirm the issue and provide remediation: upgrade to pcmanfm 1.2.5-2 (or later) where the upstream fix was applied; Arch Linux ...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0005
Exploits: 0 | References: 2 | Affected Software: 1