558 matches found
Eclipse JGit Security Vulnerability
Eclipse JGit is an open source Java implementation of the Eclipse Foundation for working with the Git version control system. A security vulnerability exists in Eclipse JGit 6.6.0 and earlier versions, which stems from the presence of symbolic links in specially crafted git repositories that can...
GHSA-92RV-4J2H-8MJJ Snappy PHAR deserialization vulnerability
Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...
PT-2023-5557 · Eclipse +3 · Eclipse Jgit +3
Name of the Vulnerable Software and Affected Versions: Eclipse JGit versions prior to 6.6.1.202309021850-r Eclipse JGit versions prior to 6.7.0.202309050840-r Eclipse JGit versions 5.13.3 prior to 5.13.3.202401111512-r Description: The issue is related to the handling of symbolic links in Eclipse...
Debian: Security Advisory (DLA-237-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OS Command Injection
github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...
Gogs OS Command Injection vulnerability
Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled default on case-insensitive file systems...
PT-2023-12641 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.11 Description: The issue allows a malicious user to update a crafted config file into a repository's .git directory, in combination with crafted file deletion, to gain SSH access to the server on...
K30291321: The attack signature check may fail to detect and block illegal requests for a case-insensitive policy
Security Advisory Description The web application firewall attack signature check may fail to detect and block illegal requests. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall products: Advanced WAF or BIG-IP ASM 11.6.0 ...
SUSE CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash \ path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash...
SUSE CVE-2011-0449
actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...
SUSE CVE-2013-7041
The pamuserdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...
SUSE CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
SUSE CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
SUSE CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
SUSE CVE-2021-21300
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...
SUSE CVE-2021-37701
The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...
SUSE CVE-2021-39134
@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
SUSE CVE-2022-1586
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...
SubprotocolRegistry is vulnerable to malicious names
Lines of code Vulnerability details Impact A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept Any subprotocol can be...
Open5GS Denial of Service Vulnerability (CNVD-2025-18589)
Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which originates from the amfgnbfindbyaddr function in /src/amf/amf-context.c that only detects the Ip address and does not detect if it i...