17 matches found
PT-2026-41959
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description A path validation issue allows crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. This occurs because the software drifted from...
Linux Distros Unpatched Vulnerability : CVE-2023-53391
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shmem: use ramfskillsb for killsb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfsinitfscontext for the initfscontext method, which allocates...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
PT-2024-3876
Name of the Vulnerable Software and Affected Versions: webpack-dev-middleware versions prior to 7.1.0 webpack-dev-middleware versions prior to 6.1.2 webpack-dev-middleware versions prior to 5.3.4 Description: The webpack-dev-middleware does not sufficiently validate the supplied URL address befor...
GO-2022-0427 Unprotected file upload in github.com/swaggo/http-swagger
The httpSwagger package's HTTP handler provides WebDAV read/write access to an in-memory filesystem. An attacker can exploit this to cause memory exhaustion by uploading many files, XSS attacks by uploading malicious files, or other unexpected behaviors...
Important: amazon-ssm-agent
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...
DEBIAN-CVE-2023-49569
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
AZL-39592 CVE-2023-49569 affecting package cri-o for versions less than 1.22.3-12
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
AZL-39595 CVE-2023-49568 affecting package cri-o for versions less than 1.22.3-12
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
AZL-35095 CVE-2023-49568 affecting package packer for versions less than 1.9.5-1
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
AZL-33892 CVE-2023-49568 affecting package packer for versions less than 1.9.5-3
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
DEBIAN-CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
UBUNTU-CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
Design/Logic Flaw
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
Debian DSA-4667-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. - CVE-2020-2732 Paulo Bonzini discovered that the KVM implementation for Intel processors did not properly handle instruction emulation for L2 guests...