17 matches found

Vulnrichment
added 2024/05/30 8:57 p.m. | 14 views

CVE-2024-36119 Password confirmation stored in plain text via registration form in statamic/cms

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 | AI score 3.6 | EPSS 0.00021
Exploits 0 | References 4

UbuntuCve
added 2024/05/21 3:15 p.m. | 16 views

CVE-2021-47366

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

CVSS 5.5 | AI score 5.7 | EPSS 0.00014
Exploits 0 | References 4

Vulnrichment
added 2024/05/21 3:3 p.m. | 23 views

CVE-2021-47366 afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

AI score 6.8 | EPSS 0.00014
Exploits 0 | References 2

Vulnrichment
added 2023/07/13 10:33 p.m. | 19 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 8.1 | AI score 7.3 | EPSS 0.00053
Exploits 0 | References 2

Cvelist
added 2023/07/13 10:33 p.m. | 13 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 8.1 | AI score 9.2 | EPSS 0.00053
Exploits 0 | References 2

Github Security Blog
added 2022/05/24 10:0 p.m. | 22 views

Improper handling of untrusted branches in Gitea Jenkins Plugin

Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

CVSS 7.5 | AI score 3.5 | EPSS 0.00752
Exploits 0 | References 6 | Affected Software 1

OSV
added 2022/05/24 10:0 p.m. | 19 views

GHSA-Q98C-RQX7-7GHF Improper handling of untrusted branches in Gitea Jenkins Plugin

Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

CVSS 7.5 | AI score 7.5 | EPSS 0.00752
Exploits 0 | References 5

Hacker One
added 2020/11/18 3:49 a.m. | 23 views

Mail.ru: Exposed Git Repo at https://mini-app.delivery-club.ru

Leaking sensitive application data in configuration files at mini-app.delivery-club.ru...

AI score 7
Exploits 0

OSV
added 2019/05/31 3:29 p.m. | 21 views

CVE-2019-10330

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

CVSS 7.5 | AI score 6.7
Exploits 0 | References 3

Prion
added 2019/05/31 3:29 p.m. | 10 views

Code injection

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

CVSS 5 | AI score 7.5 | EPSS 0.00752
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2019/05/31 2:20 p.m. | 13 views

CVE-2019-10330

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

AI score 7.5 | EPSS 0.00752
Exploits 0 | References 3

Hacker One
added 2019/05/28 10:10 p.m. | 57 views

Uber: [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo

A username and certificate was found that allows API access to Phabricator on code.uberinternal.com. This API access could give away source code and the private phabricator instance of Uber...

AI score 2.7
Exploits 0

seebug.org
added 2017/03/03 12:0 a.m. | 55 views

2017 Visual Studio Code Workspace settings code execution

The following issue constitutes an arbitrary code execution vulnerability in Visual Studio Code herein referred to as "Code". Users should upgrade to Code 1.9.0 or later. says: Visual Studio Code is a source code editor developed by Microsoft for Windows, Linux and macOS. It includes support for...

AI score 7.7
Exploits 0

Kitploit
added 2016/09/01 2:0 p.m. | 37 views

DyMerge - Dynamic Dictionary Merger

A simple, yet powerful tool - written purely in python - which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based or bruteforce attack. Compatible with Python 2.6+. Author: Nikolaos Kamarinakis nikolaskama.me...

AI score 7.3
Exploits 0 | References 1

Tenable Nessus
added 2016/05/20 12:0 a.m. | 31 views

openSUSE Security Update : mercurial (openSUSE-2016-609)

This update for mercurial fixes the following issues : Security issue fixed : - CVE-2016-3105: Fixed arbitrary code execution when using the convert extension on Git repo. boo978391 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 8.8 | AI score 7.7 | EPSS 0.0118
Exploits 0 | References 2

Tenable Nessus
added 2013/07/12 12:0 a.m. | 17 views

Fedora 18 : cgit-0.9.2-1.fc18 (2013-9498)

A directory traversal vulnerability was discovered in cgit. By default, cgit is not affected. However, if cgit is configured to use a readme file from a filesystem path instead of from the git repo itself then files outside of the repository can be read. Refer to the discussion on oss-security fo...

CVSS 4.3 | AI score 8.1 | EPSS 0.00462
Exploits 0 | References 4

n0where
added 2013/05/06 11:40 p.m. | 30 views

Raspberrypi Wireless Attack Toolkit

Raspberrypi Wireless Attack Toolkit is a push-button wireless hacking and Man-in-the-Middle attack toolkit. This project is designed to run on Embedded ARM platforms, specifically v6 and RaspberryPi. It provides users with automated wireless attack tools that are paired with man-in-the-middle tool...

Exploits 0