558 matches found

CNNVD · added 2023/09/12

Eclipse JGit Security Vulnerability

Eclipse JGit is an open source Java implementation from the Eclipse Foundation for working with the Git version control system. A security vulnerability exists in Eclipse JGit 6.6.0 and earlier versions, which stems from the presence of symbolic links in specially crafted git repositories that can...

CVSS 8.8 · AI score 6.8 · EPSS 0.01884 · Exploits 0 · References 8
OSV · added 2023/09/08

GHSA-92RV-4J2H-8MJJ Snappy PHAR deserialization vulnerability

Issue: On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...

CVSS 9.8 · AI score 9.7 · EPSS 0.01877 · Exploits 1 · References 7
Positive Technologies · added 2023/06/16

PT-2023-5557 · Eclipse +3 · Eclipse Jgit +3

Name of the Vulnerable Software and Affected Versions: Eclipse JGit versions prior to 6.6.1.202309021850-r; Eclipse JGit versions prior to 6.7.0.202309050840-r; Eclipse JGit versions 5.13.3 prior to 5.13.3.202401111512-r. Description: The issue is related to the handling of symbolic links in Eclipse...

CVSS 10 · AI score 8.5 · EPSS 0.01884 · Exploits 0 · References 67
OpenVAS · added 2023/03/08

Debian: Security Advisory (DLA-237-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 9.3 · EPSS 0.63178 · Exploits 6 · References 2
Veracode · added 2023/03/02

OS Command Injection

github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...

CVSS 9.8 · AI score 9 · EPSS 0.97839 · Exploits 1 · References 6 · Affected software 1
Github Security Blog · added 2023/02/28

Gogs OS Command Injection vulnerability

Impact: The malicious user is able to update a crafted config file into the repository's .git directory, in combination with crafted file deletion, to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled default on case-insensitive file systems...

CVSS 9.8 · AI score 0.1 · EPSS 0.97839 · Exploits 1 · References 7 · Affected software 1
Positive Technologies · added 2023/02/25

PT-2023-12641 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.11. Description: The issue allows a malicious user to update a crafted config file into a repository's .git directory, in combination with crafted file deletion, to gain SSH access to the server on...

CVSS 9.8 · AI score 9.7 · EPSS 0.97839 · Exploits 1 · References 13
F5 Networks · added 2023/02/21

K30291321: The attack signature check may fail to detect and block illegal requests for a case-insensitive policy

Security Advisory Description: The web application firewall attack signature check may fail to detect and block illegal requests. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall products: Advanced WAF or BIG-IP ASM 11.6.0 ...

AI score 6.5 · Exploits 0
SUSE CVE · added 2023/02/15

SUSE CVE-2008-1145

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash \ path separators or case-insensitive file names, allows remote attackers to access arbitrary files via a "..%5c" encoded backslash...

CVSS 5 · AI score 7.7 · EPSS 0.18163 · Exploits 1 · References 4
SUSE CVE · added 2023/02/15

SUSE CVE-2011-0449

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...

CVSS 7.5 · AI score 7 · EPSS 0.02498 · Exploits 1 · References 4
SUSE CVE · added 2023/02/15

SUSE CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

CVSS 4.3 · AI score 6.9 · EPSS 0.02484 · Exploits 0 · References 6
SUSE CVE · added 2023/02/15

SUSE CVE-2016-8616

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 5.9 · AI score 9.2 · EPSS 0.03472 · Exploits 0 · References 25
SUSE CVE · added 2023/02/15

SUSE CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N' escape and the case-insensitive modifier...

CVSS 4 · AI score 7.3 · EPSS 0.06207 · Exploits 0 · References 21
SUSE CVE · added 2023/02/15

SUSE CVE-2019-9169

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...

CVSS 5.1 · AI score 8 · EPSS 0.04731 · Exploits 1 · References 32
SUSE CVE · added 2023/02/15

SUSE CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git, a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS may cause a just-checked-out script to be executed while cloning onto a case-insensitive...

CVSS 7.5 · AI score 8.7 · EPSS 0.88644 · Exploits 5 · References 10
SUSE CVE · added 2023/02/15

SUSE CVE-2021-37701

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...

CVSS 8.1 · AI score 8.8 · EPSS 0.03286 · Exploits 0 · References 13
SUSE CVE · added 2023/02/15

SUSE CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 8.1 · AI score 8 · EPSS 0.00576 · Exploits 0 · References 13
SUSE CVE · added 2023/02/15

SUSE CVE-2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

CVSS 8.6 · AI score 8.8 · EPSS 0.02993 · Exploits 0 · References 113
Code423n4 · added 2023/02/02

SubprotocolRegistry is vulnerable to malicious names

Lines of code · Vulnerability details · Impact: A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept: Any subprotocol can be...

AI score 6.8 · Exploits 0
CNVD · added 2022/10/08

Open5GS Denial of Service Vulnerability (CNVD-2025-18589)

Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A denial of service vulnerability exists in Open5GS, which originates from the amf_gnb_find_by_addr function in /src/amf/amf-context.c that only detects the IP address and does not detect if it i...

CVSS 7.5 · AI score 6.7 · EPSS 0.00868 · Exploits 1 · References 1