
3098 matches found

RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: netfilter: nf_tables: possible module reference underflow in error path

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path. dst->ops is set on when nft_expr_clone() fails, but module refcount has not been bumped yet, therefore nft_expr_destroy() leads to module reference underflow...

CVSS 5.5 · AI score 6.2 · EPSS 0.00049
Exploits 0 · References 5
GithubExploit
added 2023/05/15 11:57 a.m. · 8 views

Exploit for Command Injection in Wwbn Avideo

WWBN AVideo currentVersion Authenticated RCE A command in...

CVSS 8.8 · AI score 9.2 · EPSS 0.32233
Exploits 4
Openbugbounty
added 2023/05/15 8:16 a.m. · 8 views

cloud-clone.com Cross Site Scripting vulnerability OBB-3337442

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Tenable Nessus
added 2023/05/13 12:0 a.m. · 41 views

EulerOS 2.0 SP9 : git (EulerOS-SA-2023-1841)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33....

CVSS 7.5 · AI score 7.2 · EPSS 0.02579
Exploits 4 · References 3
OpenVAS
added 2023/05/10 12:0 a.m. · 16 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1841)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 7.1 · EPSS 0.01674
Exploits 3 · References 2
RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: dm clone: Fix UAF in clone_dtr()

A use-after-free vulnerability was found in the device-mapper clone target. When dm_resume and dm_destroy execute concurrently, a timer may fire after the clone target structure has been freed, leading to use-after-free...

AI score 5.8 · EPSS 0.00029
Exploits 0 · References 5
RedHat Linux
added 2023/05/09 10:3 a.m. · 2 views

git: exposure of sensitive information to a malicious actor

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

CVSS 5.5 · AI score 7.2 · EPSS 0.02579
Exploits 1 · References 4
GithubExploit
added 2023/04/28 4:10 p.m. · 4 views

Exploit for OS Command Injection in Wwbn Avideo

WWBN Avideo Authenticated RCE - OS Command Injection CVE-20...

CVSS 8.8 · AI score 9 · EPSS 0.32233
Exploits 3
NVD
added 2023/04/20 4:15 p.m. · 9 views

CVE-2022-36788

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.1 · AI score 8.3 · EPSS 0.00256
Exploits 1 · References 2
Debian CVE
added 2023/04/20 3:29 p.m. · 16 views

CVE-2022-36788

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.1 · AI score 7.9 · EPSS 0.00256
Exploits 1
Cvelist
added 2023/04/20 3:29 p.m. · 13 views

CVE-2022-36788

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.1 · AI score 8.4 · EPSS 0.00256
Exploits 1 · References 1
Positive Technologies
added 2023/04/20 12:0 a.m. · 20 views

PT-2023-13500 · Libslic3R +1

Name of the Vulnerable Software and Affected Versions: libslic3r version 1.3.0 libslic3r Master Commit b1a5500 Description: A heap-based buffer overflow issue exists in the TriangleMesh clone functionality. This can be triggered by a specially-crafted STL file, leading to a heap buffer overflow. ...

CVSS 8.1 · AI score 7.8 · EPSS 0.00256
Exploits 1 · References 13
Github Security Blog
added 2023/04/17 4:32 p.m. · 15 views

Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized-types (ZST) are parsed and the Copy/Clone traits are not implemented/derived. For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy (this can be achieved through a singleton), then accessing/writing to...

AI score 6.5
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/04/10 3:10 p.m. · 2 views

CLSA-2023-1681137249 Fix CVE(s): CVE-2022-39253

SECURITY UPDATE: When cloning a repository with --local, Git relies on either making a hardlink or copy to every file in the "objects" directory of the source repository. As a result, malformed repository containing symbolic links pointing at the sensitive information on the victim's machine coul...

CVSS 5.5 · AI score 6.4 · EPSS 0.02579
Exploits 1 · References 1
Huntr
added 2023/04/06 3:26 p.m. · 24 views

Stored XSS via Markdown Comment

Description: Register one account on the blog; if the account was activated, it can comment. We can comment with markdown. When another user clicks on the comment there may be an XSS alert. I git clone project and build with docker. Latest commit is: 07a1ded08eb4e0c6979f6aeebc35f3864ba250a7 Proof ...

CVSS 4.9 · AI score 6.2 · EPSS 0.00299
Exploits 1 · References 2
OpenVAS
added 2023/03/28 12:0 a.m. · 22 views

Mageia: Security Advisory (MGASA-2023-0066)

The remote host is missing an update for the...

CVSS 7.5 · AI score 6.9 · EPSS 0.01674
Exploits 3 · References 5
OSV
added 2023/03/22 3:2 p.m. · 0 views

USN-5968-1 python-git vulnerability

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8 · AI score 7.3 · EPSS 0.68859
Exploits 1 · References 2
Amazon
added 2023/03/22 12:0 a.m. · 4 views

Medium: git

Issue Overview: Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git...

CVSS 7.5 · AI score 6.4 · EPSS 0.02579
Exploits 4
OpenVAS
added 2023/03/08 12:0 a.m. · 22 views

Debian: Security Advisory (DSA-2014-1)

The remote host is missing an update for the Debian...

CVSS 7.5 · AI score 6.5 · EPSS 0.01524
Exploits 0 · References 3
Patchstack
added 2023/03/08 12:0 a.m. · 6 views

WordPress Clone Plugin <= 2.3.7 is vulnerable to Broken Access Control

Software: Clone; Type: Plugin; Vulnerable versions: <= 2.3.7; Fixed in: 2.3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25486; Patch priority: Low; CVSS severity: Low (4.3); PSID: 289ad9c968ce; Credits: Mika; Required privilege: Subscriber...

AI score 6.3 · EPSS 0.00173
Exploits 0 · References 2 · Affected Software 1