5 matches found
CVE-2026-15921
The CVE-2026-15921 issue affects Node Version Manager (nvm) up to v0.40.5, where nvm ls-remote and similar commands parse the mirror index.tab and use each LTS codename as an alias filename without validation. A malicious mirror can return path-traversal codenames (e.g., ../../../.bashrc), causin...
CVE-2026-15921 nvm path traversal via a malicious mirror's LTS codename writes outside the alias directory
Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...
FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)
Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...
CVE-2015-1337
Simple Streams simplestreams does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 aka Forbidden response...
CVE-2015-1337
CVE-2015-1337 affects Simple Streams (simplestreams): the code path that verifies GPG signatures of disk image files is flawed, enabling a remote attacker to spoof disk images and trigger a 403 response. The issue is documented in multiple sources (Ubuntu USN-2746-1 and related CVE records). Miti...