3096 matches found
Improper Privilege Management
github.com/openshift/openshift-controller-manager is vulnerable to Improper Privilege Management. The vulnerability is due to misuse of elevated privileges during the build process, where the git-clone container is run with a privileged security context, allowing an attacker to provide a crafted...
OpenShift Controller Manager Improper Privilege Management
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An...
Red Hat OpenShift Container Platform 安全漏洞
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that help organizations develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A security vulnerability exists in Red Hat OpenShift...
CVE-2024-45496
CVE-2024-45496 is an OpenShift OpenShift Controller Manager issue describing elevated privileges in the build process. The root cause is the git-clone container running with a privileged security context during build initialization, allowing a crafted .gitconfig to execute commands during cloning...
PT-2024-39167 · WordPress · Backuply
Name of the Vulnerable Software and Affected Versions: Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to SQL Injection via the options parameter passed to the backuply wp clone sql function due to...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2024-2342)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Missing Authorization in Sonaar Mp3_Audio_Player_For_Music\,_Radio_\&_Podcast
CVE-2024-7856 ★ CVE-2024-7856 Arbitrary File deletion PoC ★...
MAL-2024-12238 Malicious code in cobo-custdy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd0d754c7d09b395a490411bfdba9006309e5227c634e9946f4612de907de0d0 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
MAL-2024-12239 Malicious code in cobo-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f1c1c4efd134e130c04178382ff3ea318301fb18b5eb6eed696c49cf64e9ad6 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. Its a complicated attack, requiring the victims username and password, and physical access to their YubiKey--as well as some technical expertise and equipment. Still, nice piece of security analysi...
SUSE CVE-2024-44965
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pticlonepgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
CVE-2024-44965
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pticlonepgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
DEBIAN-CVE-2024-44965
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pticlonepgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
UBUNTU-CVE-2024-44965
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pticlonepgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
CVE-2024-44965 x86/mm: Fix pti_clone_pgtable() alignment assumption
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pticlonepgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
PT-2025-2089 · Drupal · Content Entity Clone
Name of the Vulnerable Software and Affected Versions: Content Entity Clone versions 0.0.0 through 1.0.4 Description: The issue is related to incorrect authorization in the Content Entity Clone module for Drupal, allowing forceful browsing. This can enable a remote attacker to disclose protected...
Drupal Content Entity Clone module < 1.0.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Vojislav Jovanovic in WordPress Module Content Entity Clone versions 1.0.4...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an alignment assumption error vulnerability in the pticlonepgtable function in the x86/mm component...
gix-path uses local config across repos when it is the highest scope
Summary gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be...
RUSTSEC-2024-0367 gix-path uses local config across repos when it is the highest scope
Summary gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be...