1777 matches found

OSV
added 2024/05/24 11:8 a.m. | 3 views

OESA-2024-1643 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1...

6.5 CVSS | 7.1 AI score | 0.0125 EPSS
Exploits: 0 | References: 2
OSV
added 2024/05/24 11:8 a.m. | 3 views

OESA-2024-1644 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used lar...

4.3 CVSS | 7 AI score | 0.01956 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2024/05/24 12:0 a.m. | 6 views

The vulnerability of the distributed Git version control system, which stems from issues with process management, allows a violator to execute arbitrary code.

The vulnerability of the distributed Git version control system exists due to a problem with process management. Exploiting this vulnerability allows an attacker to execute arbitrary code during the cloning of specially created local repositories...

8.1 CVSS | 7.7 AI score | 0.01271 EPSS
Exploits: 0 | References: 15 | Affected Software: 14
RedHat Linux
added 2024/05/22 9:29 a.m. | 3 views

osbuild-composer: race condition may disable GPG verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

6.1 CVSS | 5.7 AI score | 0.00188 EPSS
Exploits: 0 | References: 4
Microsoft CVE
added 2024/05/17 7:0 a.m. | 4 views

Git's protections for cloning untrusted repositories can be bypassed

...

7.8 CVSS | 7.2 AI score | 0.00909 EPSS
Exploits: 0
SUSE CVE
added 2024/05/17 2:56 a.m. | 2 views

SUSE CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository they could discover secrets on the server...

7.6 CVSS | 7 AI score | 0.00703 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2024/05/17 12:0 a.m. | 24 views

GitLab 10.6 < 12.9.10 / 12.10 < 12.10.11 / 13.0 < 13.0.6 (CVE-2020-13277)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 CVE-2020-13277 Note that Nessus has not tested for this issue bu...

6.5 CVSS | 6.5 AI score | 0.01848 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/05/17 12:0 a.m. | 27 views

GitLab 12.1 < 13.5.6 / 13.6 < 13.6.4 / 13.7 < 13.7.2 (CVE-2021-22167)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository...

7.5 CVSS | 7.2 AI score | 0.0157 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/05/17 12:0 a.m. | 38 views

Fedora 40 : git (2024-ecba8476e2)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ecba8476e2 advisory. update to 2.45.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

9 CVSS | 7.1 AI score | 0.25334 EPSS
Exploits: 34 | References: 6
Vulnrichment
added 2024/05/15 9:24 p.m. | 13 views

CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

4.4 CVSS | 7.3 AI score | 0.00237 EPSS
Exploits: 0 | References: 6
NVD
added 2024/05/15 4:15 p.m. | 25 views

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

5.1 CVSS | 5.2 AI score | 0.00213 EPSS
Exploits: 0 | References: 3
Cvelist
added 2024/05/15 3:52 p.m. | 23 views

CVE-2024-31216 source-controller leaks the Azure Storage SAS token into logs on connection errors

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

5.1 CVSS | 5.5 AI score | 0.00213 EPSS
Exploits: 0 | References: 3
NVD
added 2024/05/14 8:15 p.m. | 28 views

CVE-2024-32465

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

7.8 CVSS | 8.2 AI score | 0.00909 EPSS
Exploits: 0 | References: 8
OSV
added 2024/05/14 8:15 p.m. | 1 views

DEBIAN-CVE-2024-32465

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

7.8 CVSS | 7.5 AI score | 0.00909 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/05/14 7:18 p.m. | 38 views

CVE-2024-32465 Git's protections for cloning untrusted repositories can be bypassed

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

7.3 CVSS | 7.8 AI score | 0.00909 EPSS
Exploits: 0 | References: 7
CVE
added 2024/05/14 7:18 p.m. | 391 views

CVE-2024-32465

Git vulnerability CVE-2024-32465 affects local-cloning scenarios and can allow arbitrary code execution when cloning repositories from untrusted sources. Astra Linux documents indicate affected Git before 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, with patches in 2.45.1, 2.44.1, ...

7.8 CVSS | 6.2 AI score | 0.00909 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2024/05/14 7:15 p.m. | 5 views

AZL-43041 CVE-2024-32004 affecting package git for versions less than 2.45.2-1

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...

8.1 CVSS | 7.2 AI score | 0.01271 EPSS
Exploits: 0 | References: 1
OSV
added 2024/05/14 7:15 p.m. | 7 views

DEBIAN-CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

9 CVSS | 7.9 AI score | 0.25334 EPSS
Exploits: 32 | References: 1
NVD
added 2024/05/14 7:15 p.m. | 29 views

CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

9 CVSS | 8.8 AI score | 0.25334 EPSS
Exploits: 32 | References: 8
Vulnrichment
added 2024/05/14 6:46 p.m. | 33 views

CVE-2024-32004 Git vulnerable to Remote Code Execution while cloning special-crafted local repositories

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...

8.1 CVSS | 7.3 AI score | 0.01271 EPSS
Exploits: 0 | References: 6