
772 matches found

PyPA
added 2023/11/30 7:15 a.m. | 4 views

PYSEC-2023-250

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 6.8 | EPSS 0.00874
Exploits 1 | References 6 | Affected Software 1

OSV
added 2023/11/30 7:15 a.m. | 2 views

UBUNTU-CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 6.5 | EPSS 0.00874
Exploits 1 | References 6

Cvelist
added 2023/11/30 6:56 a.m. | 30 views

CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 7 | EPSS 0.00874
Exploits 1 | References 4

Debian CVE
added 2023/11/30 6:56 a.m. | 27 views

CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 6.2 | EPSS 0.00874
Exploits 1

PyPA
added 2023/11/29 8:15 p.m. | 5 views

PYSEC-2023-251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 | AI score 6.7 | EPSS 0.0094
Exploits 1 | References 6 | Affected Software 1

SUSE CVE
added 2023/11/22 12:13 a.m. | 1 views

SUSE CVE-2023-5752

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.8 | EPSS 0.00476
Exploits 0 | References 8

BDU FSTEC
added 2023/11/15 12:0 a.m. | 2 views

The vulnerability of the SourceTree visual Git client, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the visual Git client SourceTree is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.00352
Exploits 0 | References 4 | Affected Software 1

OSV
added 2023/11/06 8:57 a.m. | 21 views

BIT-NGINX-INGRESS-CONTROLLER-2021-23055

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVSS 6.5 | AI score 6.5 | EPSS 0.00718
Exploits 0 | References 1

OSV
added 2023/10/25 6:17 p.m. | 1 views

DEBIAN-CVE-2023-5752

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.4 | EPSS 0.00476
Exploits 0 | References 1

BDU FSTEC
added 2023/10/13 12:0 a.m. | 2 views

The vulnerability of the distributed Git version control system for Windows lies in the lack of protection for service data, allowing a perpetrator to access confidential information.

The vulnerability of the distributed Git version control system for Windows is related to the lack of protection for service data. Exploiting this vulnerability could allow an attacker to access confidential information...

CVSS 5.5 | AI score 6.6 | EPSS 0.01336
Exploits 1 | References 15 | Affected Software 11

BDU FSTEC
added 2023/10/13 12:0 a.m. | 4 views

The vulnerability of the distributed Git version control system for Windows lies in the use of an unreliable path for checking orthography of cloned repositories, allowing a perpetrator to execute arbitrary code.

The vulnerability of the distributed Git version control system for Windows is related to the use of an unreliable path for checking orthography of cloned repositories. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...

CVSS 8.6 | AI score 7.7 | EPSS 0.00385
Exploits 0 | References 4 | Affected Software 4

Packet Storm
added 2023/10/02 12:0 a.m. | 288 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure

Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...

AI score 7.1
Exploits 0

OSV
added 2023/09/08 5:15 p.m. | 5 views

UBUNTU-CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

CVSS 9.8 | AI score 7 | EPSS 0.01413
Exploits 0 | References 8

SUSE CVE
added 2023/09/07 2:34 a.m. | 2 views

SUSE CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

CVSS 7.7 | AI score 7.6 | EPSS 0.01413
Exploits 0 | References 8

Huntr
added 2023/09/04 12:40 p.m. | 26 views

heap-buffer-overflow in function vim_regsub_both

Description heap-buffer-overflow in vimregsubboth at regexp.c:2482 Version git log commit e073a8b79f1d3398b27f35b7920746b564a169e9 HEAD - master, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S vimregsubbothpoc -c :qa! helplang=en readonly...

CVSS 4.4 | AI score 6.9 | EPSS 0.00606
Exploits 1 | References 1

CBLMariner
added 2023/08/30 2:44 p.m. | 15 views

CVE-2023-2860 affecting package kernel for versions less than 5.15.126.1-1

CVE-2023-2860 affecting package kernel for versions less than 5.15.126.1-1. A patched version of the package is available...

CVSS 4.4 | AI score 6 | EPSS 0.00353
Exploits 0

Redos
added 2023/08/25 12:0 a.m. | 34 views

ROS-20230824-02

A vulnerability in Git's distributed version control system is related to flaws in the path name limitation to the directory. Exploitation of the vulnerability allows an attacker acting remotely to impact the data integrity using a specially crafted command. The vulnerability in the...

CVSS 7.8 | AI score 9 | EPSS 0.52164
Exploits 2

Prion
added 2023/07/03 6:15 p.m. | 13 views

Code injection

tktchurch/website contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized...

CVSS 6.4 | AI score 9 | EPSS 0.00483
Exploits 0 | References 1 | Affected Software 1

Packet Storm
added 2023/05/24 12:0 a.m. | 336 views

Yank Note 3.52.1 Arbitrary Code Execution

Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...

AI score 7.1 | EPSS 0.04898
Exploits 3

0day.today
added 2023/05/23 12:0 a.m. | 172 views

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Vulnerability

Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product & Service Introduction...

CVSS 8.8 | AI score 8.8 | EPSS 0.04898
Exploits 3