CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

PT-2024-40943 · Unknown +1 · Conrod Core +1

Name of the Vulnerable Software and Affected Versions: conrod versions 0.62.0 and earlier Description: The issue concerns the conrod crate, which has been deprecated since version 0.62.0. Its functionality was split across multiple crates, with core functionality transferred to conrod core. If...

DEBIAN-CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...