CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVE-2022-32050

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN0041af40...

git-clone 参数注入漏洞

git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...

PT-2022-17595

Name of the Vulnerable Software and Affected Versions: git-clone affected versions not specified Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...

GHSA-5J8W-R7G8-5472 Arrow2 allows double free in `safe` code

The struct FfiArrowArray implements deriveClone that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned. Cloning this struct in safe results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...

Arrow2 allows double free in `safe` code

The struct FfiArrowArray implements deriveClone that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned. Cloning this struct in safe results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...

CVE-2022-30914

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

Confluence RCE CVE-2022-26134 Exploit Detection Pre-requ...

GHSA-68P4-PJPF-XWCQ insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

Missing Authorization

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization via the bugactiongroup.php process. An attacker, with rights to create new issues, can clone any private issue, including all bugnotes and attachments, by manipulating the...

MantisBT Missing Authorization access check in bug_actiongroup.php

An issue was discovered in MantisBT before 2.24.4. A missing access check in bugactiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...

CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/block-dev-basename in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary...

new packages: perl-Clone

An update is available for perl-Clone. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Mercurial arbitrary code execution vulnerability

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

GHSA-3PMW-H7J4-RF54 Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

This Week in Spring - May 10th, 2022

Hi, Spring fans! Im writing this from - I cant believe I get to say this - abroad! Im in London, UK! Now, this is not particularly noteworthy for those millions who already live here. But I dont live here. Im a visitor! I live in San Francisco. I had to fly here! On a plane! With other people!...

DRUPAL-CONTRIB-2022-038

The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities. The module has a vulnerability which allows attackers to bypass the protection ...

Command Injection

git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...

Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038

The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities. The module has a vulnerability which allows attackers to bypass the protection ...

GHSA-3X62-X456-Q2VM OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...