
1139 matches found

Veracode
added 2022/04/26 11:39 a.m. | 20 views

Command Injection

czproject/git-php is vulnerable to command injection. A remote attacker is able to use additional flags to perform command injections via the isRemoteUrlReadable function, because the way the url and refs parameters are passed to the git ls-remote subcommand allows additional flags to be set...

9.8 CVSS | 4 AI score | 0.03772 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2022/04/20 5:0 a.m. | 54 views

CVE-2022-25648

A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections...

9.8 CVSS | 4.1 AI score | 0.04606 EPSS
Exploits: 1 | References: 4
Debian CVE
added 2022/04/19 4:35 p.m. | 44 views

CVE-2022-25648

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

9.8 CVSS | 9.9 AI score | 0.04606 EPSS
Exploits: 1
OSV
added 2022/04/01 6:15 p.m. | 16 views

CVE-2022-21223

The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8 CVSS | 9.9 AI score
Exploits: 0 | References: 2
BDU FSTEC
added 2022/04/01 12:0 a.m. | 5 views

The vulnerability of the AES GCM encryption function of the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc allows a perpetrator to access confidential data.

The vulnerability of the AES GCM module’s authentication and authorization function for the Apache 2.x HTTP server Mod_auth_openidc is related to the use of static IVs and AADs. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...

5.9 CVSS | 6.5 AI score | 0.01503 EPSS
Exploits: 0 | References: 7 | Affected Software: 3
CNNVD
added 2022/03/11 12:0 a.m. | 2 views

Microweber Input Validation Error Vulnerability

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...

9.1 CVSS | 5.7 AI score | 0.01401 EPSS
Exploits: 1 | References: 3
NVD
added 2022/02/17 5:15 a.m. | 8 views

CVE-2022-24953

The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...

5.3 CVSS | 0.00837 EPSS
Exploits: 0 | References: 2
Cvelist
added 2022/02/17 4:22 a.m. | 11 views

CVE-2022-24953

The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...

5.6 AI score | 0.00837 EPSS
Exploits: 0 | References: 2
Kitploit
added 2022/02/09 8:30 p.m. | 28 views

AWS-Loot - Pull Secrets From An AWS Environment

Searches an AWS environment looking for secrets, by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services. Install: `pip install -r requirements.txt`. An AWS credential file .aws/credentials is required for authentication t...

7.6 AI score
Exploits: 0 | References: 1
vulnersOsv
added 2022/02/03 11:15 a.m. | 6 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21730 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21730 Source advisory: OSV:PYSEC-2022-109...

8.1 CVSS | 7.2 AI score | 0.00803 EPSS
Exploits: 1
Code423n4
added 2022/01/30 12:0 a.m. | 6 views

Malicious Users Can Transfer Vault Collateral To Other Accounts To Extract Additional Yield From The Protocol

Handle: leastwood. Vulnerability details. Impact: ConvexYieldWrapper.sol is a wrapper contract for staking convex tokens on the user's behalf, allowing them to earn rewards on their deposit. Users will interact with the Ladle.sol contract's batch function which: Approves Ladle to move the tokens...

6.8 AI score
Exploits: 0
ATTACKERKB
added 2022/01/19 12:15 p.m. | 4 views

CVE-2022-21394

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6.5 CVSS | 6.8 AI score | 0.0066 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2022/01/19 12:15 p.m. | 2 views

CVE-2022-21400

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications component: Mediation Engine. Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

5.4 CVSS | 6.8 AI score | 0.00524 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/01/07 10:39 p.m. | 29 views

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

5.1 AI score | 0.00855 EPSS
Exploits: 0 | References: 2
OSV
added 2022/01/04 4:15 p.m. | 4 views

CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. Use...

6.5 CVSS | 6.7 AI score | 0.00267 EPSS
Exploits: 0 | References: 1
OSV
added 2021/12/08 10:15 p.m. | 0 views

DEBIAN-CVE-2021-43543

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.1 CVSS | 6.8 AI score | 0.01352 EPSS
Exploits: 0 | References: 1
CNNVD
added 2021/12/06 12:0 a.m. | 1 views

Google Android Information Disclosure Vulnerability

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that can be exploited by attackers to cause local information disclosure without additional execution privileges...

5.5 CVSS | 5.8 AI score | 0.00105 EPSS
Exploits: 0 | References: 4
CNNVD
added 2021/12/06 12:0 a.m. | 4 views

Google Android Information Disclosure Vulnerability

Google Android is a Linux-based open source operating system from Google, Inc. An information disclosure vulnerability exists in Google Android, which can be exploited by attackers to cause local information disclosure without additional execution privileges...

3.3 CVSS | 5.9 AI score | 0.00104 EPSS
Exploits: 0 | References: 4
Cvelist
added 2021/12/02 6:0 p.m. | 31 views

CVE-2021-43795 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in com.linecorp.armeria:armeria

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F encoded /, such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation...

7.5 CVSS | 7.6 AI score | 0.01638 EPSS
Exploits: 0 | References: 3
NVD
added 2021/11/18 3:15 p.m. | 13 views

CVE-2021-0621

In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383...

5.5 CVSS | 0.00112 EPSS
Exploits: 0 | References: 1