36 matches found
Powerline Gitstatus vulnerable to arbitrary code execution
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
CVE-2022-42906
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
DEBIAN-CVE-2022-42906
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
CVE-2022-42906
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
Design/Logic Flaw
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
CVE-2022-42906
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
CVE-2022-42906
Technical details about CVE-2022-42906 are not publicly provided in the supplied documents. Monitor for updates in external sources.
CVE-2022-29187
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...
DEBIAN-CVE-2022-20001
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...
shells/fish -- arbitrary code execution via git
Peter Ammon reports: fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default...
Security update for rmt-server (important)
openSUSE Security Update: Security update for rmt-server Announcement ID: openSUSE-SU-2020:2000-1 Rating: important References: 1172177 1172182 1172184 1172186 1173351 Cross-References: CVE-2019-16770 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2020-11076 CVE-2020-11077 CVE-2020-15169...
CVE-2020-14204
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...
Xxe
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...
CVE-2020-14204
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...
yum-utils: reposync: improper path validation may lead to directory traversal
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path...
CVE-2018-10897
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path...