17 matches found
DEBIAN-CVE-2026-44942
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...
SUSE-SU-2026:22064-1 Security update for libzypp
This update for libzypp fixes the following issue. Update to 17.38.13 35: - CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks (bsc#1267874)...
Malicious code in supership-scan (npm)
Source: amazon-inspector 0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033. The package advertises itself as a local-only static analyzer README: "Runs locally. Your code never leaves the machine" and "What's never transmitte...
Command Injection
Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Command Injection via the process that resolves PHP version from repository-controlled files such as .php-version, composer.lock, or composer.json and incorporates the value into the...
GHSA-PQWM-Q9PV-PH8R Setup PHP: Command Injection in Repository-Derived PHP Version Resolution
Summary A command injection vulnerability was identified in shivammathur/setup-php when the action resolves the PHP version from repository-controlled files and uses that value while generating the platform setup script. In affected versions, setup-php may read the PHP version from: - .php-versio...
Traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
PT-2024-21910 · Dnf5 · Dnf5
Name of the Vulnerable Software and Affected Versions: dnf5 affected versions not specified Description: The issue arises from the dnf5 D-Bus daemon accepting arbitrary configuration parameters from unprivileged users. This allows a local root exploit by tricking the daemon into loading a...
SUSE CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
CVE-2022-23738
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...
Exploit for Session Fixation in Gogs
CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Ex...
metasploit-framework
This is an open-source project repository for the Metasploit Framework, a popular penetration testing tool. The repository contains various files and directories related to the project, including configuration files, test files, and documentation. The Metasploit Framework is a software platform f...
CVE-2007-5743
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option...
CVE-2007-5743
Removed by vendor...
CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
CVE-2014-5028
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids...