GHSA-23F7-99JX-M54R Remote code execution in dependabot-core branch names when cloning
Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make an HTTP request to...
Remote code execution in dependabot-core branch names when cloning
Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make an HTTP request to...
NFCGate - An NFC Research Toolkit Application For Android
NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic modifications. Notice This application was developed for security research purposes by student...
Use-after-free when cloning a partially consumed `Vec` iterator
The IntoIter Clone implementation clones the whole underlying Vec. If the iterator is partially consumed the consumed items will be copied, thus creating a use-after-free access. A proof of concept is available in the original bug report...
RUSTSEC-2020-0145 Use-after-free when cloning a partially consumed `Vec` iterator
The IntoIter Clone implementation clones the whole underlying Vec. If the iterator is partially consumed the consumed items will be copied, thus creating a use-after-free access. A proof of concept is available in the original bug report...
FS Thumbtack Clone SQL Injection (CVE-2017-17589; CVE-2017-17576)
An SQL injection vulnerability exists in FS Thumbtack Clone. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...
Directory Traversal
cgit is vulnerable to directory traversal. The vulnerability exists in cgit_clone_objects, when enable-http-clone=1 is not turned off...
DEBIAN-CVE-2020-25794
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...
UBUNTU-CVE-2020-25794
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...
PT-2020-16211
Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2 Description An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with unit, pair, or From in the Chunk implementation. Additionally, the Clone and...
PT-2020-16212
Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2 Description An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with unit and pair in the Chunk implementation. Additionally, the array size is not...
PT-2020-16214
Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2 Description An issue was discovered in the sized-chunks crate, where the Chunk implementation has memory-safety issues. Specifically, the array size is not checked when constructed with unit, pair, or...
PT-2020-16213
Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2 Description The issue concerns memory safety in the sized-chunks crate for Rust. Specifically, in the Chunk implementation, the array size is not checked when constructed with From, unit, or pair...
Command Injection in meta-git
All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation No fix is currently...
GHSA-QCFF-FFX3-M25C Command Injection in meta-git
All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation No fix is currently...
How can Microsoft Threat Protection help reduce the risk from phishing?
Microsoft Threat Protection can help you reduce the cost of phishing The true cost of a successful phishing campaign may be higher than you think. Although phishing defenses and user education have become common in many organizations, employees still fall prey to these attacks. This is a problem...
PT-2020-3658 · Microsoft · Visual Studio Code
Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: A remote code execution issue exists when Visual Studio Code processes environment variables after opening a project. An attacker who successfully exploits this could run arbitra...
A week in security (August 3 – 9)
Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the...
CVE-2020-15108
In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1...