Lucene search
K

2669 matches found

AlpineLinux
AlpineLinux
added 2023/08/28 5:24 p.m.33 views

CVE-2023-40590

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

7.8CVSS6.8AI score0.00465EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/08/28 5:24 p.m.33 views

CVE-2023-40590

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

7.8CVSS7.4AI score0.00465EPSS
Exploits1
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/28 12:0 a.m.36 views

Untrusted Search Path

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

7.8CVSS6.7AI score0.00465EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/28 12:0 a.m.3 views

PT-2023-4751 · Gitpython +1 · Gitpython +1

Name of the Vulnerable Software and Affected Versions: GitPython affected versions not specified Description: The issue is related to how Python interacts with Windows systems, specifically when resolving a program. GitPython defaults to use the git command, and if a user runs it from a repositor...

8.6CVSS6.1AI score0.01012EPSS
Exploits2References33
GithubExploit
GithubExploit
added 2023/08/25 7:28 a.m.219 views

Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36...

9.8CVSS8.7AI score0.94205EPSS
Exploits28
Github Security Blog
Github Security Blog
added 2023/08/09 8:59 p.m.15 views

Unsanitized user controlled input in module generation

Impact The import-in-the-middle loader used by @opentelemetry/instrumentation works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes...

7.8AI score
Exploits0References3Affected Software1
Veracode
Veracode
added 2023/07/27 8:15 a.m.18 views

Cross Site Scripting (XSS)

typo3 is vulnerable to Stored XSS. The vulnerability is due to GeneralUtility::getIndpEnv function which uses unfiltered server environment variable PATHINFO and TypoScript setting config.absRefPrefix=auto. This can lead to an attacker injecting malicious content or malicious HTML code in...

8.8CVSS6.1AI score0.00831EPSS
Exploits1References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.28 views

EulerOS Virtualization 3.0.6.6 : libXpm (EulerOS-SA-2023-2430)

According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

8.8CVSS6.8AI score0.01273EPSS
Exploits2References4
OSV
OSV
added 2023/07/14 9:52 p.m.30 views

GHSA-6HVV-J432-23CV Weave GitOps Terraform Controller Information Disclosure Vulnerability

Impact A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners tf-runner, where sensitive data is inadvertently printed - potentially...

8.5CVSS7.3AI score0.00706EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2023/07/14 9:9 p.m.9 views

CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

8.5CVSS6.6AI score0.00706EPSS
Exploits1References7
Cvelist
Cvelist
added 2023/07/14 9:9 p.m.62 views

CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

8.5CVSS8.7AI score0.00706EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2023/07/05 3:18 p.m.33 views

CVE-2023-30585

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

7.5CVSS7.3AI score0.01467EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/06/30 7:17 a.m.56 views

CVE-2023-32439

A vulnerability was found in webkitgtk. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution. Mitigation This vulnerability can be mitigated by setting the environment variable JSCuseDFGJIT=0, which will disable the data flow graph JIT tier...

8.8CVSS8.7AI score0.23788EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/06/23 7:32 p.m.9 views

CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...

3.1CVSS3.8AI score0.00811EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.13 views

PT-2023-4512 · Node.Js +2 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: Node.js versions affected versions not specified Description: A vulnerability has been identified in the Node.js installation process, specifically affecting Windows users who install Node.js using the .msi installer. This issue arises during...

9.8CVSS6.2AI score0.87211EPSS
Exploits4References85
NVD
NVD
added 2023/06/19 11:15 a.m.17 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

6.5CVSS5.8AI score0.00584EPSS
Exploits0References4
Prion
Prion
added 2023/06/19 11:15 a.m.18 views

Code injection

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

4.3CVSS6.3AI score0.00798EPSS
Exploits0References4Affected Software3
UbuntuCve
UbuntuCve
added 2023/06/19 11:15 a.m.26 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

6.5CVSS6.7AI score0.00584EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/19 10:7 a.m.7 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

5.2AI score0.00584EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/06/19 10:7 a.m.27 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

6.5CVSS7.9AI score0.00584EPSS
Exploits0
Rows per page
Query Builder