510 matches found
Git Remote Code Execution via git-lfs (CVE-2020-27955)
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker's malicious repository using a vulnerable Git...
Git git-lfs Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Git Remote Code Execution via git-lfs CVE-2020-27955', 'Description' = %q A critical vulnerability CVE-2020-27955 in Git Large File Storage Git...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions by uploading a prepared "design" file. To do this, "Large File Support" (LFS) must be enabled for the GitLab server or the specific...
Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage
Git-lfs Remote Code Execution RCE exploit CVE-2020-27955 .b...
SUSE-SU-2021:14692-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. bsc1184532 - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. bsc1184533 - CVE-2021-1405: Fix for mail parser NULL-dereference crash. bsc1184534 - Fix errors when scannin...
OpenJPEG Input Validation Error Vulnerability
OpenJPEG is an open source JPEG 2000 codec written in C. An integer overflow vulnerability exists in OpenJPEG version v2.4.0. An attacker can exploit the vulnerability by using the command line option "-ImgDir" on a directory containing 1048576 files to crash the program...
OESA-2021-1105 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
UBUNTU-CVE-2021-21300
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...
Matrix Synapse Resource Management Error Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A denial of service vulnerability exists in Synapse versions prior to 1.25.0, which stems from a malicious homeserver that redirects requests to a large file, which could lead to a denial of service...
Git Lfs Code Issue Vulnerability
Git Lfs is a command line tool from the Git Lfs team for working with large files in git projects. A security vulnerability exists in Git LFS that stems from allowing an attacker to execute arbitrary code...
Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage
CVE-2020-27955 Thanks h...
Git LFS Remote Code Execution Vulnerability
Git LFS is a command-line extension and specification for managing large files using Git. A remote code execution vulnerability exists in Git LFS 2.12.0. An attacker can exploit this vulnerability to achieve remote code execution...
CVE-2020-3436
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected devic...
PT-2020-4459 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the web services interface could allow an unauthenticated, remote attacker to upload...
Denial Of Service (DoS)
freewvs is vulnerable to denial of service. An attacker is able to terminate the scan process by creating a large file that would potentially cause an application crash upon parsing...
CVE-2020-15100
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1...
PYSEC-2020-232
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1...
PT-2020-14184 · Freewvs · Freewvs
Name of the Vulnerable Software and Affected Versions: freewvs versions prior to 0.1.1 Description: A user could create a large file that freewvs will try to read, which will terminate a scan process. Recommendations: For versions prior to 0.1.1, update to version 0.1.1 to resolve the issue. As a...