3098 matches found

OSV
added 2024/08/31 12:0 p.m. · 14 views

RUSTSEC-2024-0367 gix-path uses local config across repos when it is the highest scope

Summary: gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be...

CVSS 2.5 · AI score 3.6 · EPSS 0.00033
Exploits: 0 · References: 5

RedHat Linux
added 2024/08/29 11:37 a.m. · 4 views

git: Recursive clones RCE

A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of...

CVSS 9 · AI score 7.6 · EPSS 0.82951
Exploits: 32 · References: 5

RedHat Linux
added 2024/08/29 11:30 a.m. · 3 views

git: Recursive clones RCE

A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of...

CVSS 9 · AI score 7.6 · EPSS 0.82951
Exploits: 32 · References: 5

Positive Technologies
added 2024/08/26 12:0 a.m. · 2 views

PT-2024-28240 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p14; Checkmk versions prior to 2.2.0p33; Checkmk versions prior to 2.1.0p47; Checkmk version 2.0.0. Description: The issue allows malicious users to execute arbitrary scripts by injecting HTML elements into the SLA...

CVSS 6.1 · AI score 7.7 · EPSS 0.01386
Exploits: 0 · References: 12

GithubExploit
added 2024/08/17 4:43 p.m. · 139 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE PoC Overview This repository contains...

CVSS 9 · AI score 8.5 · EPSS 0.82951
Exploits: 32

Patchstack
added 2024/08/16 11:41 a.m. · 3 views

WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Clone versions <= 2.4.5...

CVSS 8.8 · AI score 7 · EPSS 0.00262
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. · 12 views

WordPress Clone Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software: Clone; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: 2.4.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43298; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 92218c2f2d27; Credits: Ananda Dhakal Patchstack; Required...

CVSS 8.8 · AI score 6.3 · EPSS 0.00262
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/08/08 11:15 a.m. · 2 views

UBUNTU-CVE-2024-3958

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

CVSS 6.5 · AI score 5.7 · EPSS 0.00102
Exploits: 0 · References: 4

GithubExploit
added 2024/08/04 5:40 p.m. · 365 views

Exploit for Heap-based Buffer Overflow in Microsoft

Firebeam CVE-2024-26229 plugin A small firebeam kaine's risc...

CVSS 7.8 · AI score 8 · EPSS 0.85591
Exploits: 4

OSV
added 2024/07/18 12:0 p.m. · 29 views

RUSTSEC-2024-0355 gix-path can use a fake program files location

Summary: When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details: Windows permits limited user accounts without administrative privileges to create new directories ...

CVSS 6.8 · AI score 8 · EPSS 0.00028
Exploits: 0 · References: 4

RedHat Linux
added 2024/07/16 7:35 p.m. · 5 views

git: RCE while cloning local repos

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...

CVSS 8.1 · AI score 7.5 · EPSS 0.02439
Exploits: 0 · References: 5

CNNVD
added 2024/07/10 12:0 a.m. · 1 views

Number withdrawn

Please is a sudo clone by ed neville personal developer. This CVE number has been withdrawn...

AI score 6.8
Exploits: 0 · References: 1

OSV
added 2024/07/08 8:27 p.m. · 4 views

CLSA-2024-1720468480 kernel: Fix of 89 CVEs

kvm: initialize all of the kvm_debugregs structure before sending it to userspace CVE-2023-1513 - wifi: mac80211: fix MBSSID parsing use-after-free CVE-2022-42719 - mac80211: always allocate struct ieee802_11_elems CVE-2022-42719 - netfilter: nf_tables: initialize registers in nft_do_chain...

CVSS 8.8 · AI score 7.1 · EPSS 0.01405
Exploits: 22 · References: 1

RedHat Linux
added 2024/07/08 11:27 a.m. · 3 views

git: Recursive clones RCE

A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of...

CVSS 9 · AI score 7.6 · EPSS 0.82951
Exploits: 32 · References: 5

RedHat Linux
added 2024/07/08 11:27 a.m. · 2 views

git: additional local RCE

A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution...

CVSS 7.8 · AI score 7.5 · EPSS 0.00155
Exploits: 0 · References: 5

RedHat Linux
added 2024/07/08 11:27 a.m. · 3 views

git: symlink bypass

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacti...

CVSS 7.1 · AI score 7.3 · EPSS 0.00021
Exploits: 1 · References: 5

Gitee
added 2024/07/08 11:23 a.m. · 48 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002: Exploiting Git RCE via git clone This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on...

CVSS 9 · AI score 8 · EPSS 0.82951
Exploits: 32

GithubExploit
added 2024/07/03 8:1 a.m. · 53 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 PoC 1. You must set up the git's symbolic link...

CVSS 9 · AI score 7.3 · EPSS 0.82951
Exploits: 32

RedHat Linux
added 2024/07/02 9:2 a.m. · 1 views

kernel: net: cdc_eem: fix tx fixup skb leak

In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup, if skb_copy_expand failed, it return NULL, usbnet_start_xmit will have no chance to free original skb. fix it by free original skb in eem_tx_fixu...

CVSS 5.5 · AI score 6.5 · EPSS 0.00006
Exploits: 0 · References: 4

OSV
added 2024/07/01 1:15 p.m. · 2 views

CVE-2024-39002

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 6.3 · AI score 6.1 · EPSS 0.00117
Exploits: 1 · References: 1