4369 matches found
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...
PT-2022-20314
Name of the Vulnerable Software and Affected Versions: Gitea versions 1.16.6 and prior. Description: The issue is related to the improper handling of git fetch, allowing for shell command injection. This is due to the lack of escaping for the git fetch remote. There is no information provided about...
CVE-2022-26068
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server...
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:1466-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1466-1 advisory. - CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247. - CVE-2021-44907: Fixed a potential Denial of Service...
UBUNTU-CVE-2021-4207
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...
CVE-2021-4207
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...
PT-2022-2968
Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified). Description: A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor...
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
gitea -- Escape git fetch remote
The Gitea team reports: Escape git fetch remote in services/migrations/gitea_uploader.go...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
Command Injection
git is vulnerable to Command Injection. The vulnerability exists in the fetch function in lib.rb because the remote parameter is not properly sanitized, which allows a malicious attacker to inject and execute arbitrary code...
CVE-2022-25648
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...
DEBIAN-CVE-2022-25648
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...
Command injection
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...
UBUNTU-CVE-2022-25648
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...
ruby-git argument injection vulnerability
ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls in git binaries. A security vulnerability exists in ruby-git, which stems from the fact that when the fetch(remote = 'origin', opts = {}) function is called, the remote argument is passed...