12 matches found
OPENSUSE-SU-2026:10330-1 mingw32-binutils-2.45.1-2.1 on GA media
These are all security issues fixed in the mingw32-binutils-2.45.1-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-64523
Summary: The FileBrowser project (github.com/filebrowser/filebrowser/v2/http) has an IDOR vulnerability in the share deletion endpoint. The shareDeleteHandler deletes a share based only on the provided hash, with no check that the share’s owner matches the authenticated user (d.user.ID). This per...
CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...
EulerOS 2.0 SP11 : git (EulerOS-SA-2024-2081)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be...
CVE-2024-32004
A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code. Mitigation Exercise caution when cloning repositori...
CVE-2024-32021
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
CVE-2024-32004
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...
CVE-2023-1120 Simple Giveaways < 2.45.1 - Admin+ Stored XSS
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Simple Giveaways 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-16771 · WordPress · Simple Giveaways
Name of the Vulnerable Software and Affected Versions: The Simple Giveaways WordPress plugin versions prior to 2.45.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...