825 matches found
GHSA-8FG7-HP93-QHVR wolfictl leaks GitHub tokens to remote non-GitHub git servers
Summary A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some ...
RHEL 6 : rsync (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rsync: daemon does not check for fnamecmp filenames allowing for access restriction bypass CVE-2017-17434...
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
python: CPU denial of service via inefficient IDNA decoder
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...
Fedora 39 : pypy (2023-5460cf6dfb)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5460cf6dfb advisory. Security fix for CVE-2022-45061 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Rocky Linux 9 : rsync (RLSA-2022:6181)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6181 advisory. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The...
CVE-2023-2110
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...
CVE-2023-2316 Typora Local File Disclosure
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...
CVE-2023-2316 Typora Local File Disclosure
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...
GHSA-6R78-M64M-QWCF Moq v4.20.0-rc to 4.20.1 share hashed user data
Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...
Moq v4.20.0-rc to 4.20.1 share hashed user data
Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...
Undesired Behavior
Overview Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at buildtime. That executable spawns OS processes and performs network requests, including transferring a...
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2023-2415)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some input...
EulerOS Virtualization 3.0.6.0 : rsync (EulerOS-SA-2023-2204)
According to the versions of the rsync packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories...
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-2204)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...