196 matches found
RUSTSEC-2024-0351 Refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
RUSTSEC-2024-0353 Refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
Refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
Refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
PT-2024-4191 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide affected versions not specified Description: The issue is related to how gitoxide handles legacy device names on Windows. When fetching refs or checking out paths that clash with these names, it can read from or write to devices,...
CVE-2024-26644 btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted error -2 WARNIN...
CVE-2021-47124
In the Linux kernel, the following vulnerability has been resolved: iouring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcountwarnsaturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcountwarnsaturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: refcountsubandtest...
CVE-2021-47124 io_uring: fix link timeout refs
In the Linux kernel, the following vulnerability has been resolved: iouring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcountwarnsaturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcountwarnsaturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: refcountsubandtest...
DEBIAN-CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
UBUNTU-CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
eza Security breaches
eza is eza open source a modern maintenance replacement for the venerable file-listing command-line program ls that comes with Unix and Linux operating systems. A security vulnerability exists in eza versions prior to 0.18.2, which stems from a buffer overflow vulnerability that can be exploited ...
CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
CVE-2024-25817
Affected software: eza (before v0.18.2). Root cause / vulnerability: Buffer overflow allowing local attackers to execute arbitrary code through .git/HEAD, .git/refs, and .git/objects components.** Impact:** Local code execution with high impact as described in multiple advisories. References from...
CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
CVE-2024-25817
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...
UBUNTU-CVE-2021-46981
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
getsortbytable in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY...
Privilege escalation
Microsoft Resilient File System ReFS Elevation of Privilege Vulnerability...