
750 matches found

CNNVD
added 2025/05/20 12:0 a.m., 2 views

JetBrains TeamCity Input Validation Error Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an input validatio...

CVSS 6.1, AI score 6.9, EPSS 0.00004
Exploits: 0, References: 1
UbuntuCve
added 2025/05/08 12:0 a.m., 1 view

CVE-2025-46803

The default mode of pseudo terminals PTYs allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system...

CVSS 5.1, AI score 7.1, EPSS 0.00045
Exploits: 0, References: 2
Cvelist
added 2025/04/30 2:54 p.m., 16 views

CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

CVSS 3.8, EPSS 0.00114
Exploits: 1, References: 3
Tenable Nessus
added 2025/04/13 12:0 a.m., 7 views

Debian dla-4127 : libapache2-mod-svn - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4127 advisory. Debian LTS Advisory DLA-4127-1 https://www.debian.org/lts/security/...

CVSS 4.3, AI score 4.9, EPSS 0.05806
Exploits: 1, References: 4
NVD
added 2025/04/03 10:15 p.m., 4 views

CVE-2025-30370

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

CVSS 7.4, EPSS 0.00107
Exploits: 0, References: 4
Vulnrichment
added 2025/04/03 10:0 p.m., 6 views

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

CVSS 7.4, AI score 7.3, EPSS 0.00107
Exploits: 0, References: 4
Github Security Blog
added 2025/03/28 2:48 p.m., 9 views

tough failure to detect delegated target rollback

Summary: When updating the snapshot role, TUF clients should ensure that any previously encountered targets or delegated targets metadata files continue to be present in new snapshot metadata files. Likewise, the new targets and delegated targets metadata versions must be greater than or equal to...

CVSS 5.7, AI score 6.1, EPSS 0.00245
Exploits: 0, References: 6, Affected Software: 1
OpenVAS
added 2025/03/17 12:0 a.m., 6 views

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2025-1224)

The remote host is missing an update for the Huawei EulerOS...

CVSS 4.3, AI score 3.7, EPSS 0.05806
Exploits: 1, References: 2
Redos
added 2025/02/19 12:0 a.m., 80 views

ROS-20250219-04

A vulnerability in the Git distributed version control system is related to a flaw in the mechanism for encoding or escaping of output data. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data. Vulnerability in the ANSI Escape Sequence Handler component of the...

CVSS 7.5, AI score 6.6, EPSS 0.03365
Exploits: 2
Tenable Nessus
added 2025/01/22 12:0 a.m., 12 views

CBL Mariner 2.0 Security Update: git (CVE-2024-50349)

The version of git installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50349 advisory. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides...

CVSS 4.7, AI score 7.4, EPSS 0.02784
Exploits: 0, References: 2
Gentoo Linux
added 2025/01/17 12:0 a.m., 5 views

pip: arbitrary configuration injection

Background: pip is a tool for installing and managing Python packages. Description: Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Impact: When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", the specified...

CVSS 5.5, AI score 7.2, EPSS 0.00075
Exploits: 0
Fedora
added 2024/12/15 2:28 a.m., 12 views

[SECURITY] Fedora 41 Update: subversion-1.14.5-1.fc41

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

CVSS 8.2, AI score 6.8, EPSS 0.05806
Exploits: 1
CNVD
added 2024/12/13 12:0 a.m., 9 views

Apache Subversion Denial of Service Vulnerability (CNVD-2024-49153)

Apache Subversion is an open source version control system from the Apache Foundation (United States). The system is compatible with Concurrent Versions System (CVS). A denial of service vulnerability exists in Apache Subversion 1.14.4 and earlier versions, which stems from insufficient...

CVSS 4.3, AI score 6.4, EPSS 0.05806
Exploits: 1, References: 1
CNVD
added 2024/12/04 12:0 a.m., 2 views

QNAP Notes Station 3 Authentication Missing Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from an authentication missing vulnerability that stems from the inclusion of ...

CVSS 9.8, AI score 7.2, EPSS 0.01492
Exploits: 0, References: 1
Positive Technologies
added 2024/11/29 12:0 a.m., 3 views

PT-2024-35995

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-node versions prior to 0.4.12, 0.5.1, and 0.6.1 Description: A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection SSTI can be exploited to perform Git...

CVSS 5.4, AI score 5.9, EPSS 0.00153
Exploits: 0, References: 12
OSV
added 2024/11/22 5:15 p.m., 0 views

UBUNTU-CVE-2024-10220

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

CVSS 8.1, AI score 7.4, EPSS 0.39569
Exploits: 0, References: 5
CNNVD
added 2024/11/22 12:0 a.m., 2 views

QNAP Systems Notes Station Security Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a command injection vulnerability, which stems from the application faili...

CVSS 8.8, AI score 7.7, EPSS 0.0176
Exploits: 0, References: 1
CNNVD
added 2024/11/22 12:0 a.m., 2 views

QNAP Systems Notes Station Security Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from an authentication missing vulnerability that stems from the inclusion of ...

CVSS 9.8, AI score 7.1, EPSS 0.01492
Exploits: 0, References: 1
CBLMariner
added 2024/11/19 9:24 p.m., 11 views

CVE-2024-52531 affecting package libsoup for versions less than 3.0.4-2

CVE-2024-52531 affecting package libsoup for versions less than 3.0.4-2. A patched version of the package is available...

CVSS 8.4, AI score 7, EPSS 0.0015
Exploits: 1
Vulnrichment
added 2024/11/15 4:35 p.m., 18 views

CVE-2024-52523 Nextcloud Server Custom defined credentials of external storages are sent back to the frontend

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active sessi...

CVSS 4.6, AI score 7, EPSS 0.00533
Exploits: 0, References: 3