3097 matches found

OSV
added 2023/12/05 12:15 a.m., 2 views

CVE-2023-26943

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allow attackers to create a cloned tag via physical proximity to the original...

CVSS 6.5 | AI score 5.8 | EPSS 0.00109
Exploits 4 | References 2
GithubExploit
added 2023/12/04 8:48 a.m., 485 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

Fixed version of CVE-2022-44268 Some PoCs don't work for spec...

CVSS 6.5 | AI score 7 | EPSS 0.88643
Exploits 28
Positive Technologies
added 2023/11/27 12:0 a.m., 1 views

PT-2024-13749

Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5.11. Description: A path traversal vulnerability was discovered in go-git, allowing an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved...

CVSS 10 | AI score 7.2 | EPSS 0.04027
Exploits 0 | References 26
VulnCheck KEV
added 2023/11/26 12:0 a.m., 0 views

VulnCheck KEV: CVE-2018-14912

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVSS 7.5 | AI score 7.1 | EPSS 0.91123
Exploits 7 | References 1
WPVulnDB
added 2023/11/23 12:0 a.m., 23 views

Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule

Description: The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'vtprd_ajax_clone_rule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone...

AI score 6.9 | EPSS 0.00206
Exploits 0 | References 1
SUSE CVE
added 2023/11/22 12:13 a.m., 1 views

SUSE CVE-2023-5752

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.8 | EPSS 0.00075
Exploits 0 | References 8
RedHat Linux
added 2023/11/14 3:46 p.m., 1 views

kernel: wifi: fix potential NULL-ptr deref after clone

A flaw was found in the Linux kernel’s iwlwifi mei driver. When the driver attempts to clone a socket buffer and that operation fails, it may erroneously dereference a NULL pointer, leading to a kernel crash or denial of service. An unprivileged local user may be able to trigger this flaw by...

AI score 5.7 | EPSS 0.0002
Exploits 0 | References 5
RedHat Linux
added 2023/11/08 2:26 p.m., 2 views

GitPython: Insecure non-multi options in clone and clone_from is not blocked

An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.00351
Exploits 0 | References 5
NVD
added 2023/11/07 11:15 p.m., 8 views

CVE-2023-45380

In the module "Order Duplicator - Clone and Delete Existing Order" (orderduplicate) in version = 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from...

CVSS 9.1 | EPSS 0.00114
Exploits 0 | References 1
RedHat Linux
added 2023/11/07 9:3 a.m., 1 views

kernel: net/mlx5e: Don't clone flow post action attributes second time

A use-after-free flaw was discovered in the Linux kernel’s mlx5e networking driver. The code erroneously cloned flow post action attributes a second time in mlx5e_tc_post_act_add despite an earlier clone in mlx5e_clone_flow_attr_for_post_act. This second clone is not properly updated during neighbor update...

AI score 5.9 | EPSS 0.00021
Exploits 0 | References 5
RedHat Linux
added 2023/11/07 9:3 a.m., 1 views

kernel: wifi: fix potential NULL-ptr deref after clone

A flaw was found in the Linux kernel’s iwlwifi mei driver. When the driver attempts to clone a socket buffer and that operation fails, it may erroneously dereference a NULL pointer, leading to a kernel crash or denial of service. An unprivileged local user may be able to trigger this flaw by...

AI score 5.7 | EPSS 0.0002
Exploits 0 | References 5
Veracode
added 2023/11/03 10:45 a.m., 26 views

Command Injection

pip is vulnerable to Command Injection. While installing a package from Mercurial VCS URL, a specified mercurial URL could be used to inject arbitrary configuration options to the hg clone call. Controlling the Mercurial configuration can modify how and which repository is installed...

CVSS 5.5 | AI score 7.1 | EPSS 0.00075
Exploits 0 | References 9 | Affected Software 1
OSV
added 2023/10/31 2:25 p.m., 19 views

CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the log...

CVSS 5.4 | AI score 5.8 | EPSS 0.00553
Exploits 0 | References 4
OSV
added 2023/10/25 6:17 p.m., 4 views

AZL-39958 CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.7 | EPSS 0.00075
Exploits 0 | References 1
OSV
added 2023/10/25 6:17 p.m., 1 views

DEBIAN-CVE-2023-5752

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.4 | EPSS 0.00075
Exploits 0 | References 1
PyPA
added 2023/10/25 6:17 p.m., 4 views

PYSEC-2023-228

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 5.5 | AI score 7.5 | EPSS 0.00075
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/10/25 6:17 p.m., 1 views

UBUNTU-CVE-2023-5752

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 5.5 | AI score 6.8 | EPSS 0.00075
Exploits 0 | References 5
CVE
added 2023/10/24 8:56 p.m., 372 views

CVE-2023-5752

The CVE-2023-5752 issue affects python-pip when installing from a Mercurial VCS URL (for example, pip install hg+...), where prior to v23.3 a specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (for instance --config). This could modify the re...

CVSS 5.5 | AI score 5 | EPSS 0.00075
Exploits 0 | References 8 | Affected Software 1
OSV
added 2023/10/24 7:22 p.m., 17 views

GHSA-6878-6WC2-PF5H Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

CVSS 4.5 | AI score 4.6 | EPSS 0.0003
Exploits 0 | References 6
CNNVD
added 2023/10/20 12:0 a.m., 1 views

please Security breach

please is a sudo clone by individual developer Ed Neville. A security vulnerability exists in please 0.5.4 and earlier, which stems from allowing privilege escalation via TIOCSTI and/or TIOCLINUX ioctl...

CVSS 7.8 | AI score 7 | EPSS 0.00072
Exploits 1 | References 5