4310 matches found
USN-5871-1 git vulnerabilities
It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport. (CVE-2023-22490) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could...
UBUNTU-CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
git -- "git apply" overwriting paths outside the working tree
git team reports: By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply"...
PT-2023-35188 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90. Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-34960 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.11. Description: The issue is related to the arm64 device tree for imx8mm-verdin, where the eth-phy is not properly powered down. This problem was introduced in version v5.18 and is fixed in version v6.1.11...
PT-2023-35346 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.271. Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-35369 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.304. Description: The issue is related to the f2fs extent tree. If the extent tree is not created, it may cause a panic. The actual impact and attack plausibility have not yet been proven. Recommendations:...
git: gitattributes parsing integer overflow
A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...
GSD-2023-1001750 f2fs: let's avoid panic if extent_tree is not created
f2fs: let's avoid panic if extent_tree is not created. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.90 by commit...
GSD-2023-1001737 btrfs: do not abort transaction on failure to write log tree when syncing log
btrfs: do not abort transaction on failure to write log tree when syncing log. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.90 by commit...
PT-2023-34914 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.304. Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-34813 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90. Description: The issue is related to the btrfs file system, where a failure to write the log tree when syncing the log does not abort the transaction. This could potentially lead to security...
PT-2023-34887 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.230. Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
Malicious Package
Overview: tree-node-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
CVE-2019-25053
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL...
CVE-2019-25053
Sage FRP 1000 is affected by a path traversal vulnerability reported for versions before November 2019. An attacker can exploit a crafted URL to access files outside the web root without authentication. The provided documents do not specify the exact root cause details beyond path traversal, nor ...
What is Stakeholder-Specific Vulnerability Categorization?
By Waqas. It’s a decision tree that’s all about you and your company. That’s a bit of an oversimplification, but… This is a post from HackRead.com. Read the original post: What is Stakeholder-Specific Vulnerability Categorization?...