SUSE CVE-2006-1731
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote...
Path Traversal
git is vulnerable to Path Traversal. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply...
SUSE CVE-2015-0838
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
SUSE CVE-2018-10887
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...
SUSE CVE-2019-8308
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file...
DEBIAN-CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
ALPINE-CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
UBUNTU-CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates...
JVN#00712821: Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools
tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference (XXE) vulnerability (CWE-611). Impact: By reading a specially crafted XML file, arbitrary files which meet a certain condition may be...
git -- "git apply" overwriting paths outside the working tree
git team reports: By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply"...
Security Bulletin: Path traversal vulnerability affects IBM Business Automation Workflow - CVE-2022-43864
Summary: IBM Business Automation Workflow is vulnerable to a Path Traversal attack. Vulnerability Details: CVEID: CVE-2022-43864. DESCRIPTION: IBM Business Automation Workflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to improper permission controls (CVE-2022-40232)
Summary: IBM Sterling B2B Integrator has addressed the permission control security vulnerability. Vulnerability Details: CVEID: CVE-2022-40232. DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to perform actions they should not have access to due to improper...
PT-2023-35899 · Libraw · Libraw
Name of the Vulnerable Software and Affected Versions: LibRaw (affected versions not specified). Description: The issue is related to an index-out-of-bounds crash. Technical details about the crash include the involvement of specific functions: apply_tiff, parse_jpeg, and identify. Recommendations: ...
SQL injection
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function getsongrelations of the file app/api/songs.py. The manipulation leads to SQL injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a...
Path Traversal in web-node-server
A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommende...
CVE-2015-10065 AenBleidd FiND my_validator.cpp init_result buffer overflow
A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply ...
SQL injection
A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch...
SQL injection
A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to SQL injection. The patch is named f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is...