SUSE-SU-2023:3866-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. bsc1214796, bsc1213441 - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948 Bugs...
SUSE-SU-2023:3864-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. bsc1214796, bsc1213441 - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948 Bugs...
SUSE-SU-2023:3862-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. bsc1214796, bsc1213441 - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948 Bugs...
openSUSE 15 Security Update : python-GitPython (openSUSE-SU-2023:0271-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0271-1 advisory. - GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git...
openSUSE 15 Security Update : python-GitPython (openSUSE-SU-2023:0259-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0259-1 advisory. - GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git...
OESA-2023-1663 skopeo security update
A command line utility that performs various operations on container images and image repositories. Security Fixes: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. CVE-2023-24537...
OESA-2023-1665 skopeo security update
A command line utility that performs various operations on container images and image repositories. Security Fixes: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. CVE-2023-24537...
PT-2023-31438 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 16.2.7; GitLab versions 16.3 through 16.3.4. Description: A critical vulnerability in GitLab allows attackers to run pipelines as other users, potentially granting access to internal repositories and closed project...
Fedora: Security Advisory for subscription-manager (FEDORA-2023-29a012c0db)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: subscription-manager-1.29.37-1.fc38
The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform...
[SECURITY] Fedora 37 Update: subscription-manager-1.29.37-1.fc37
The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.10.0, 3.9.4,...
New open-source infostealer, and reflections on 2023 so far
Welcome to this week's edition of the Threat Source newsletter. I'm covering for Jon this week whilst he takes some well-deserved holiday. What's on my mind this week? Well, apart from a new horror film that I just read about called "Slotherhouse" where the killer is, um, a sloth I predict nothing b...
SapphireStealer: Open-source information stealer enables credential and data theft
SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate...
Malicious npm Packages Aim to Target Developers for Source Code Theft
An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories. "The threat actor behind this campaign has been linked to malicious...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory. In some places the name of the file being read is provided by the user; GitPython does not check if this file is located outside the .git...
Untrusted Search Path
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command; if a user runs GitPython from a repo that has a git.exe or git...
[SECURITY] Fedora 37 Update: GitPython-3.1.32-1.fc37
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, and additionally allows you to access the git repository more directly using either a...
[SECURITY] Fedora 38 Update: GitPython-3.1.32-1.fc38
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, and additionally allows you to access the git repository more directly using either a...
Important: Red Hat Security Advisory: subscription-manager security update
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...