21 matches found
WordPress Ally plugin stack buffer overflow vulnerability
WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve the accessibility of the website Accessibility, to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...
EUVD-2022-29592
Malicious code in bioql PyPI...
EXTERNAL CALL TO UNTRUSTED PARTIES
Lines of code Vulnerability details Impact Functions in this contract or inherited functions can be reentered. Proof of Concept In Vault.sol the withdrawAVAX and redeemAVAX functions make an external call to the msg.sender by way of safeTransferETH. This allows the caller to reenter this and othe...
Amazon Linux 2022 : git (ALAS2022-2022-236)
The version of git installed on the remote host is prior to 2.37.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-236 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on...
EulerOS Virtualization 3.0.6.0 : git (EulerOS-SA-2022-2559)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machine...
EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2022-2500)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machine...
Amazon Linux 2022 : git, git-all, git-core (ALAS2022-2022-067)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-067 advisory. A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2022-2156)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : git (ALAS-2022-1810)
The version of git installed on the remote host is prior to 2.34.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1810 advisory. A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system...
EulerOS 2.0 SP8 : git (EulerOS-SA-2022-1929)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...
EulerOS 2.0 SP5 : git (EulerOS-SA-2022-1888)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...
Amazon Linux AMI : git (ALAS-2022-1589)
The version of git installed on the remote host is prior to 2.36.1-1.75. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1589 advisory. A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system...
SUSE SLES12: git / git-arch / git-core / git-cvs / git-daemon / git-doc / etc (SUSE-SU-2022:1306-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1306-1 advisory. - CVE-2022-24765: Fixed a potential command injection via git worktree bsc1198234. Tenable has extracted the preceding description block...
SUSE SLES15: git / git-arch / git-core / git-cvs / git-daemon / git-doc / etc (SUSE-SU-2022:1260-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1260-1 advisory. - CVE-2022-24765: Fixed a potential command injection via git worktree bsc1198234. Tenable has extracted the preceding description block...
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:.git, which would be picked up by Git operation...
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:.git, which would be picked up by Git operation...
Ubuntu 18.04 LTS / 20.04 LTS : Git vulnerability (USN-5376-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5376-1 advisory. discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue t...
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:.git, which would be picked up by Git operation...
Vulnerability fixed in Node.js
A vulnerability has been fixed in Node.js. The vulnerability allows a malicious party potentially capable of causing a denial-of-service cause. To do this, the malicious party must be able to send a DNS request for a rogue domain. Only applications that allow a malicious party to send DNS request...
security flaw
Firefox 1.0.6 allows attackers to cause a denial of service crash via a Proxy Auto-Config PAC script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability...