10 matches found
BIT-PEBBLE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...
CVE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...
Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request
Summary IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
toolbox security update
An update is available for toolbox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The toolbox container image can be used with Toolbox to obtain Rocky Linux...
The vulnerabilities of the classes DirCacheCheckout, ResolveMerger, PullCommand, and PatchApplier in the Git version control system for the Java Eclipse JGit framework allow a hacker to execute arbitrary code.
The vulnerability of the DirCacheCheckout, ResolveMerger, PullCommand, and PatchApplier classes in the Git version control system for the Java Eclipse JGit framework is related to improper handling of data that is sensitive to registry operations during repository cloning to the file system...
Moto E20 Readback Vulnerability
09/11/2022 Update: CVE ID CVE-2022-3917 has been reserved, with Lenovo to publish the Advisory Summary. TL;DR The Motorola E20 is an entry-level smartphone that uses a Unisoc system-on-chip. Motorola holds around 10% of the US smartphone market, though the sales of the E20 as a subset of that are...
CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
Command injection
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...
CVE-2016-3630
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...
PYSEC-2016-29
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...