Command Injection
git-clone is vulnerable to command injection. The vulnerability exists due to the insecure usage of the --upload-pack feature of git. An attacker who can control the options object provided to the clone function through the options.args array is able to inject arbitrary commands to r...
PT-2021-22477 · Apache · Apache ECharts
Name of the Vulnerable Software and Affected Versions: ZRender versions prior to 5.2.1; Apache ECharts versions prior to 5.2.1. Description: The issue results in prototype pollution when using merge and clone helper methods in the src/core/util.ts module. It affects Apache ECharts, which uses and...
Foxit PhantomPDF Denial of Service Vulnerability (CNVD-2019-24196)
PhantomPDF is a multifunctional PDF editor. A denial of service vulnerability exists in Foxit PhantomPDF versions prior to 8.3.11 when calling the clone function. The vulnerability stems from an infinite loop caused by confusion of the relationship between the child object and the parent...
Design/Logic Flaw
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object caused by an append error...
CVE-2019-14207
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object caused by an append error...
DEBIAN-CVE-2018-19838
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone, cloneChildren, and copy...
DEBIAN-CVE-2015-3451
The clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function...
XXE
The clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function...
UBUNTU-CVE-2015-3451
The clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function...
Medium: lighttpd
Issue Overview: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, whi...
CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
Design/Logic Flaw
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...
Ubuntu 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1041-1)
Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. (CVE-2010-3301) Dan Rosenberg discovered that the btrfs filesystem did...