25 matches found

OSV
added 6 days ago, 4 views

DEBIAN-CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVSS 8.8, AI score 5.8, EPSS 0.006
Exploits: 0, References: 1

OSV
added 6 days ago, 2 views

UBUNTU-CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVSS 8.8, AI score 5.8, EPSS 0.006
Exploits: 0, References: 3

EUVD
added 6 days ago, 5 views

EUVD-2026-40062

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVSS 8.8, AI score 5.8, EPSS 0.006
Exploits: 0, References: 2

Cvelist
added 6 days ago, 34 views

CVE-2026-25707 Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVSS 8.8, EPSS 0.006
Exploits: 0, References: 2

Veracode
added 2025/10/14 8:58 a.m., 8 views

Directory Traversal

bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...

CVSS 9.6, AI score 7.3, EPSS 0.00437
Exploits: 0, References: 5, Affected Software: 1

Veracode
added 2025/08/14 5:12 a.m., 6 views

Improper Access Control

@finos/git-proxy is vulnerable to improper access control. The vulnerability is due to bypassing policies and explicit approvals when pushing to remote repositories, which allows an attacker to push code containing secrets or unwanted changes without required checks or plugin execution...

CVSS 8.3, AI score 7.3, EPSS 0.00436
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/05/22 9:37 p.m., 10 views

CVE-2021-25756

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS...

CVSS 5.3, AI score 7.1, EPSS 0.01298
Exploits: 0, References: 1

Cvelist
added 2025/01/14 6:11 p.m., 24 views

CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

CVSS 7.4, EPSS 0.03148
Exploits: 0, References: 8

CNNVD
added 2024/03/01 12:0 a.m., 4 views

Apache Archiva Security Vulnerability

Apache Archiva is a suite of software from the Apache USA Foundation for managing one or more remote repositories. The software provides features such as remote Repository agents, role-based secure access management, and usage reporting. A security vulnerability exists in Apache Archiva that stem...

CVSS 7.5, AI score 6.9, EPSS 0.0133
Exploits: 0, References: 3

Prion
added 2023/10/06 2:15 p.m., 19 views

XXE

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 2.6, AI score 5.3, EPSS 0.00674
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2022/11/17 12:0 a.m., 22 views

Apache Archiva has an unspecified vulnerability (CNVD-2022-78861)

Apache Archiva is a suite of software from the Apache Foundation for managing one or more remote repositories. The software provides remote Repository agents, role-based security access management, and usage reporting. A security vulnerability exists in versions of Apache Archiva prior to 2.2.9,...

CVSS 4.3, AI score 2.9, EPSS 0.01355
Exploits: 0, References: 1

OpenVAS
added 2021/03/12 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for librepo (EulerOS-SA-2021-1655)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.5, AI score 7.9, EPSS 0.02526
Exploits: 0, References: 2

OSV
added 2021/02/03 4:15 p.m., 5 views

CVE-2021-25756

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS...

CVSS 5.3, AI score 6.1, EPSS 0.01298
Exploits: 0, References: 2

Prion
added 2021/02/03 4:15 p.m., 19 views

Design/Logic Flaw

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS...

CVSS 5, AI score 5.5, EPSS 0.01298
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2021/02/03 3:14 p.m., 55 views

CVE-2021-25756

CVE-2021-25756 affects JetBrains IntelliJ IDEA prior to 2020.2. The issue stems from using HTTP links for several remote repositories rather than HTTPS, with a reported Low severity and a Partial confidentiality impact. The Red Hat/NVD/CVE records corroborate the same description. The JetBrains s...

CVSS 5.3, AI score 5.4, EPSS 0.01298
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2020/09/15 10:22 a.m., 6 views

librepo: missing path validation in repomd.xml may lead to directory traversal

A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...

CVSS 8.5, AI score 7.1, EPSS 0.02526
Exploits: 0, References: 4

RedHat Linux
added 2020/09/08 9:40 a.m., 2 views

librepo: missing path validation in repomd.xml may lead to directory traversal

A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...

CVSS 8.5, AI score 7.1, EPSS 0.02526
Exploits: 0, References: 4

RedHat Linux
added 2018/05/03 7:13 a.m., 5 views

golang: arbitrary code execution during "go get" via C compiler options

An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...

CVSS 7.8, AI score 7.6, EPSS 0.07768
Exploits: 4, References: 4

Prion
added 2017/08/24 2:29 p.m., 23 views

Design/Logic Flaw

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

CVSS 5.1, AI score 8.2, EPSS 0.05968
Exploits: 1, References: 8, Affected Software: 3

ATTACKERKB
added 2017/08/24 2:29 p.m., 3 views

CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

CVSS 7.5, AI score 6.1, EPSS 0.05968
Exploits: 1, References: 9