97 matches found
GitHub: CVE-2025-27613 Gitk Arguments Vulnerability
CVE-2025-27613 is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of thi...
GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27614 is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created th...
Gitk 操作系统命令注入漏洞
Gitk is an open source graphical tool that comes with Git for viewing information such as commit history and branch structure of a Git repository. Gitk suffers from an operating system command injection vulnerability that stems from the following: a user who clones the repository can be tricked...
Gitk 操作系统命令注入漏洞
Gitk is an open source graphical tool that comes with Git to view information such as commit history and branch structure of Git repositories. Gitk suffers from an operating system command injection vulnerability that stems from the ability to create and truncate any writable file when a user...
Astra Linux – Vulnerability in Git
Gitk is a Tcl/Tk-based Git history browser. Starting with version 2.41.0, a Git repository can be manipulated in such a way that, through some social engineering, a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... provided by the...
Astra Linux – Vulnerability in Git
Gitk is a Tcl/Tk-based Git history browser. Starting with version 1.7.0, when a user clones an untrusted repository and runs Gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option “Support per-file encoding” must have been...
CVE-2023-23618 gitk can inadvertently call executables in the worktree
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running...
CVE-2023-23618 gitk can inadvertently call executables in the worktree
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running...
PT-2023-5950 · Git · Git
Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.39.2 Description: The issue is related to the execution of untrusted code when gitk is run on Windows. This can be exploited through social engineering to trick users into running untrusted code. The proble...
Ubuntu 18.04 LTS / 20.04 LTS : Git regression (USN-5810-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5810-2 advisory. USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Tenab...
emacs, git, gitk, gitweb, perl security update
CentOS Errata and Security Advisory CESA-2017:2484 An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the integrity of protected information.
The vulnerability of the gitk-1.7.1 package for the CentOS operating system can lead to a breach of protected information. Exploiting this vulnerability can be carried out remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the integrity of protected information.
The vulnerability of the gitk-1.7.1 package for the Red Hat Enterprise Linux operating system can lead to a breach of protected information. This vulnerability can be exploited remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the gitk package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
openSUSE Security Update : git (openSUSE-SU-2013:0380-1)
git imap-send was fixed to do SSL host verification. This can be disabled if necessary in the config file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-170. The text descripti...
Debian Security Advisory DSA 1777-1 (git-core)
The remote host is missing an update to git-core announced via advisory DSA 1777-1. OpenVAS Vulnerability Test $Id: deb17771.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1777-1 git-core Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Fedora 9 : git-1.5.6.6-1.fc9 (2008-11650)
This update fixes a local privilege escalation bug in gitweb. For details: http://article.gmane.org/gmane.comp.version-control.git/103624 Additionally, gitk has been added as a requirement of git-gui bug 476308 and perlNet::SMTP::SSL has been added as a requirement of git-send-email bug 443615...