828 matches found

Cvelist
added 2023/12/27 4:58 p.m. · 14 views

CVE-2023-51664 tj-actions/changed-files command injection in output filenames

tj-actions/changed-files is a GitHub Action to retrieve all files and directories. Prior to 41.0.0, the tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrar...

CVSS 7.3 · AI score 10 · EPSS 0.00424
Exploits: 1 · References: 4

CVE
added 2023/12/27 4:58 p.m. · 46 views

CVE-2023-51664

The CVE refers to the GitHub Action tj-actions/changed-files. Before version 41.0.0, the action allowed command injection through changed filenames, enabling potential arbitrary code execution on the GitHub Runner and possible secret leakage. Affected component: tj-actions/changed-files (GitHub A...

CVSS 9.8 · AI score 9.1 · EPSS 0.00424
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2023/12/27 12:00 a.m. · 1 view

changed-files Security Vulnerabilities

changed-files is used to keep track of the relative paths returned from the project root for all changed files and directories associated with the target branch, previous commits, or the last remote commit. A security vulnerability exists in changed-files versions prior to 41.0.0, which stems fro...

CVSS 9.8 · AI score 8 · EPSS 0.00424
Exploits: 1 · References: 5

Positive Technologies
added 2023/12/27 12:00 a.m. · 3 views

PT-2023-31875 · Github · Tj-Actions/Changed-Files

Name of the Vulnerable Software and Affected Versions: tj-actions/changed-files versions prior to 41.0.0
Description: The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue ma...

CVSS 9.8 · AI score 9.8 · EPSS 0.00424
Exploits: 1 · References: 12

BDU FSTEC
added 2023/07/10 12:00 a.m. · 2 views

The vulnerability of the AccessCtrlAccessTargetsRpm component (/userRpm/AccessCtrlAccessTargetsRpm.htm) of the TP-Link routers TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR743N software allows an attacker to cause service interruptions.

The vulnerability of the AccessCtrlAccessTargetsRpm component /userRpm/AccessCtrlAccessTargetsRpm.htm of the TP-Link routers TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR743N lies in the fact that the operation outside the buffer in memory occurs when processing the Changed key parameter. Exploiting...

CVSS 8.6 · AI score 7.4 · EPSS 0.0013
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/20 12:00 a.m. · 3 views

PT-2023-3432 · Tp Link · Tp-Link Tl-Wr841N +3

Name of the Vulnerable Software and Affected Versions:
TP-Link TL-WR940N versions V2 through V6
TP-Link TL-WR841N version V8
TP-Link TL-WR941ND version V5
TP-Link TL-WR740N versions V1 through V2
Description: The issue is related to a buffer read out-of-bounds in the VirtualServerRpm component,...

CVSS 7.7 · AI score 7.3 · EPSS 0.00091
Exploits: 1 · References: 3

BDU FSTEC
added 2023/06/16 12:00 a.m. · 2 views

The vulnerability of the FixMapCfgRpm component (/userRpm/FixMapCfgRpm.htm) in the microprogramming software for TP-Link routers such as TL-WR940N, TL-WR841N, and TL-WR740N allows a hacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the FixMapCfgRpm component /userRpm/FixMapCfgRpm.htm of the TP-Link routers TL-WR940N, TL-WR841N, and TL-WR740N lies in the copying of buffers without checking the size of the input data during the processing of the Changed parameter. Exploiting this vulnerability can allow a...

CVSS 8.6 · AI score 7.4 · EPSS 0.00382
Exploits: 1 · References: 3

OSV
added 2023/06/05 6:15 a.m. · 17 views

CVE-2023-3096

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...

CVSS 7.8 · AI score 5.6 · EPSS 0.0013
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/22 12:00 a.m. · 3 views

PT-2023-3093 · Tp Link · Tp-Link Tl-Wr740N +2

Name of the Vulnerable Software and Affected Versions:
TP-Link TL-WR940N versions V2 through V4
TP-Link TL-WR841N versions V8 through V10
TP-Link TL-WR740N versions V1 through V2
Description: The issue is related to a buffer overflow in the FixMapCfgRpm component /userRpm/FixMapCfgRpm.htm of...

CVSS 8.1 · AI score 7.8 · EPSS 0.00382
Exploits: 1 · References: 6

OSV
added 2023/04/07 2:15 a.m. · 1 view

CVE-2023-25213

Tenda AC5 USAC5V1.0RTLV15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...

CVSS 9.8 · AI score 7.6 · EPSS 0.00907
Exploits: 0 · References: 1

CNNVD
added 2023/04/07 12:00 a.m. · 4 views

Tenda AC5 Buffer Error Vulnerability

Tenda AC5 is a wireless router from Tenda China. A security vulnerability exists in the Tenda AC5 USAC5V1.0RTLV15.03.06.28 version, which stems from a stack-based buffer overflow issue in the check_param_changed function, which can be exploited by an attacker to cause a denial of service (DoS) or...

CVSS 9.8 · AI score 9.2 · EPSS 0.00907
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/07 12:00 a.m. · 4 views

PT-2023-19984 · Tenda · Tenda Ac5

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version US AC5V1.0RTL V15.03.06.28
Description: The issue is related to a stack overflow via the check param changed function, which can be exploited by attackers to cause a Denial of Service (DoS) or execute arbitrary code using a...

CVSS 9.8 · AI score 8.2 · EPSS 0.00907
Exploits: 0 · References: 3

Prion
added 2023/03/13 9:15 p.m. · 22 views

Default credentials

The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...

CVSS 7.5 · AI score 9.6 · EPSS 0.0027
Exploits: 0 · References: 1

OSV
added 2023/03/09 9:06 p.m. · 3 views

CLSA-2023-1678395968 systemd: Fix of CVE-2022-4415

CVE-2022-4415: coredump: do not allow user to access coredumps with changed uid/gid/capabilities...

CVSS 5.5 · AI score 6.4 · EPSS 0.00033
Exploits: 1 · References: 1

Snyk
added 2023/02/15 8:16 a.m. · 1 view

Malicious Package

Overview: @b2bgeo/run-if-changed is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 6:12 a.m. · 5 views

SUSE CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

CVSS 2.1 · AI score 6.6 · EPSS 0.00289
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:45 a.m. · 2 views

SUSE CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9 · AI score 6.5 · EPSS 0.00561
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:42 a.m. · 3 views

SUSE CVE-2013-0292

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal...

CVSS 7.2 · AI score 7.1 · EPSS 0.00223
Exploits: 2 · References: 4

SUSE CVE
added 2023/02/15 4:27 a.m. · 1 view

SUSE CVE-2018-10940

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory...

CVSS 6.2 · AI score 6.1 · EPSS 0.00056
Exploits: 0 · References: 19

FreeBSD
added 2023/01/04 12:00 a.m. · 23 views

devel/viewvc-devel is vulnerable to cross-site scripting

C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...

CVSS 6.1 · AI score 6.1 · EPSS 0.00612
Exploits: 1 · References: 2