4143 matches found

OpenVAS
added 2022/03/15 12:0 a.m. · 9 views

SUSE: Security Advisory (SUSE-SU-2022:0826-1)

The remote host is missing an update for the...

CVSS 9.3 · AI score 6.9 · EPSS 0.00384
Exploits: 0 · References: 6
OSV
added 2022/03/12 12:0 a.m. · 29 views

GHSA-3F95-R44V-8MRG Command injection in simple-git

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...

CVSS 8.1 · AI score 9.9 · EPSS 0.00927
Exploits: 0 · References: 6
OSV
added 2022/03/11 6:15 p.m. · 1 views

ALPINE-CVE-2022-0908

Null source pointer passed as an argument to memcpy function within TIFFFetchNormalTag in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...

CVSS 5.5 · AI score 6.7 · EPSS 0.00044
Exploits: 1 · References: 1
OSV
added 2022/03/11 6:15 p.m. · 1 views

AZL-9021 CVE-2022-0908 affecting package libtiff for versions less than 4.3.0-2

Null source pointer passed as an argument to memcpy function within TIFFFetchNormalTag in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...

CVSS 5.5 · AI score 6.6 · EPSS 0.00044
Exploits: 1 · References: 1
OSV
added 2022/03/11 6:15 p.m. · 0 views

AZL-44427 CVE-2022-0908 affecting package openjpeg2 2.3.1-12

Null source pointer passed as an argument to memcpy function within TIFFFetchNormalTag in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...

CVSS 5.5 · AI score 6.6 · EPSS 0.00044
Exploits: 1 · References: 1
OSV
added 2022/03/11 6:15 p.m. · 0 views

UBUNTU-CVE-2022-0908

Null source pointer passed as an argument to memcpy function within TIFFFetchNormalTag in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...

CVSS 7.7 · AI score 6.7 · EPSS 0.00044
Exploits: 1 · References: 7
NVD
added 2022/03/11 5:16 p.m. · 12 views

CVE-2022-24433

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

CVSS 9.8 · EPSS 0.00927
Exploits: 0 · References: 4
Cvelist
added 2022/03/11 4:15 p.m. · 18 views

CVE-2022-24433 Command Injection

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

CVSS 8.1 · AI score 10 · EPSS 0.00927
Exploits: 0 · References: 4
ATTACKERKB
added 2022/03/11 4:12 p.m. · 3 views

CVE-2022-24433

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

CVSS 9.8 · AI score 7.5 · EPSS 0.00927
Exploits: 0 · References: 5
Snyk
added 2022/03/11 2:19 p.m. · 2 views

Command Injection

Overview: git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, t...

CVSS 9.8 · AI score 7.5 · EPSS 0.05735
Exploits: 1 · References: 2
Snyk
added 2022/03/11 10:58 a.m. · 1 views

Command Injection

Overview: workspace-tools is a JS Monorepo Workspace Tools. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters ar...

CVSS 9.8 · AI score 7.4 · EPSS 0.01249
Exploits: 1 · References: 2
Snyk
added 2022/03/11 10:47 a.m. · 1 views

Command Injection

Overview: simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are...

CVSS 9.8 · AI score 7.6 · EPSS 0.00927
Exploits: 0 · References: 2
CNNVD
added 2022/03/11 12:0 a.m. · 2 views

simple-git-hooks Parameter Injection Vulnerability

simple-git-hooks is an application. A simple git hooks manager for small projects. A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetch(remote, branch, handlerFn) function is called, both the remote and branch parameters are passed to the git...

CVSS 9.8 · AI score 8.4 · EPSS 0.00927
Exploits: 0 · References: 6
Positive Technologies
added 2022/03/11 12:0 a.m. · 1 views

PT-2022-16694 · Unknown · Simple-Git

Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.3.0. Description: The issue allows for Command Injection via argument injection. When calling the fetch function with parameters remote, branch, and handlerFn, both the remote and branch parameters are passed to...

CVSS 9.8 · AI score 9.2 · EPSS 0.00927
Exploits: 0 · References: 11
OSV
added 2022/03/07 11:3 a.m. · 1 views

OESA-2022-1565 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 4.2 · AI score 7.1 · EPSS 0.00033
Exploits: 0 · References: 2
OSV
added 2022/03/07 11:3 a.m. · 1 views

OESA-2022-1551 libtiff security update

TIFF Library and Utilities. Security Fixes: Null source pointer passed as an argument to memcpy function within TIFFReadDirectory in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is...

CVSS 5.5 · AI score 6.8 · EPSS 0.00059
Exploits: 2 · References: 3
CNNVD
added 2022/03/07 12:0 a.m. · 5 views

WordPress plugin Email Subscribers & Newsletters SQL Injection Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...

CVSS 8.8 · AI score 8.1 · EPSS 0.20235
Exploits: 3 · References: 2
wpexploit
added 2022/03/07 12:0 a.m. · 139 views

Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure

The plugin does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to...

CVSS 4.3 · AI score 0.8 · EPSS 0.00166
Exploits: 2
RedHat Linux
added 2022/03/03 3:19 p.m. · 115 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 9.8 · AI score 6.8 · EPSS 0.53117
Exploits: 11 · References: 28
CISA KEV Catalog
added 2022/03/03 12:0 a.m. · 23 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

CVSS 10 · AI score 7.3 · EPSS 0.28596
In wild · Exploits: 0