1155 matches found

SUSE CVE
added 2023/04/26 11:17 p.m. · 4 views

SUSE CVE-2023-25652

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVSS 7.8 · AI score 9.3 · EPSS 0.52164
Exploits 0 · References 17
OSV
added 2023/04/25 8:15 p.m. · 3 views

ALPINE-CVE-2023-25652

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVSS 7.5 · AI score 6.8 · EPSS 0.52164
Exploits 0 · References 1
OSV
added 2023/04/25 8:15 p.m. · 2 views

DEBIAN-CVE-2023-25652

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVSS 7.5 · AI score 7.6 · EPSS 0.52164
Exploits 0 · References 1
Cvelist
added 2023/04/25 7:17 p.m. · 21 views

CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

CVSS 7.5 · AI score 7.8 · EPSS 0.52164
Exploits 0 · References 10
FreeBSD
added 2023/04/25 12:0 a.m. · 33 views

git -- Multiple vulnerabilities

git developers reports: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch CVE-2023-29007: A...

CVSS 7.8 · AI score 6.3 · EPSS 0.52164
Exploits 2 · References 2
CISA
added 2023/04/21 12:0 p.m. · 3 views

VMware Releases Security Update for Aria Operations for Logs

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs formerly vRealize Log Insight. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...

AI score 7.7
Exploits 0 · References 1
Positive Technologies
added 2023/04/18 12:0 a.m. · 13 views

PT-2023-3585 · Git +10 · Git +10

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.30.9 Git versions prior to 2.31.8 Git versions prior to 2.32.7 Git versions prior to 2.33.8 Git versions prior to 2.34.8 Git versions prior to 2.35.8 Git versions prior to 2.36.6 Git versions prior to 2.37.7 Git versio...

CVSS 9.8 · AI score 6.3 · EPSS 0.88644
Exploits 46 · References 174
Positive Technologies
added 2023/04/13 12:0 a.m. · 2 views

PT-2023-35767 · Dav1D · Dav1D

Name of the Vulnerable Software and Affected Versions: dav1d affected versions not specified Description: The issue is related to a heap-use-after-free read error. Technical details about the crash include the picture copy props, dav1d picture alloc copy, and dav1d apply grain functions...

AI score 6.7
Exploits 0 · References 2
Snyk
added 2023/04/04 8:19 a.m. · 3 views

Malicious Package

Overview gd-apply is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
Oracle linux
added 2023/04/04 12:0 a.m. · 23 views

pesign security update

0.112-27.0.1 - Update Oracle Linux test certificates Orabug: 31928433 - Apply pesigcheck-Mark-the-imported-certificate-as-trusted.patch Orabug: 31928433 - update Oracle Linux certificates Alexey Petrenko - remove obsoletes of pesign-rh-test-certs Orabug 29222572 0.112-27 - Deprecate...

CVSS 5.5 · AI score 5.6 · EPSS 0.00245
Exploits 0
OSSF Malicious Packages
added 2023/04/03 5:46 a.m. · 3 views

Malicious code in gd-apply (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28fa196d02660fc75efc9c71f8cf8ee2ddc35286c432de6b7aa4f801a00a0013 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 · References 1
BDU FSTEC
added 2023/03/28 12:0 a.m. · 4 views

The vulnerability in the distributed Git version control system, related to improper restriction of a pathname to a restricted directory, allows an attacker to overwrite any files in the system.

The vulnerability in the distributed Git version control system relates to the handling of input data: a path outside the working tree may be overwritten by a user who runs "git apply". Exploiting this vulnerability allows an attacker to overwrite any files in the system at will...

CVSS 7.8 · AI score 6.8 · EPSS 0.01144
Exploits 3 · References 11 · Affected Software 8
Positive Technologies
added 2023/03/27 12:0 a.m. · 3 views

PT-2023-16288 · WordPress · Wp Dark Mode

Name of the Vulnerable Software and Affected Versions: WP Dark Mode WordPress plugin versions prior to 4.0.8 Description: The issue arises from improper sanitization of the style parameter in shortcodes, leading to Local File Inclusion. This can occur on servers where non-existent directories may...

CVSS 4.3 · AI score 9.5 · EPSS 0.00678
Exploits 2 · References 4
Positive Technologies
added 2023/03/24 12:0 a.m. · 4 views

PT-2023-17839 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the append camera metadata function of camera metadata.c due to a missing bounds check. This could lead to local information disclosure, requiring System...

CVSS 4.4 · AI score 4.6 · EPSS 0.00114
Exploits 0 · References 4
Positive Technologies
added 2023/03/22 12:0 a.m. · 2 views

PT-2023-17086 · Unknown · Syoyo Tinydng

Name of the Vulnerable Software and Affected Versions: syoyo tinydng affected versions not specified Description: A problematic issue has been found, affecting the interceptor memcpy function of the file tiny dng loader.h. This leads to a heap-based buffer overflow. Local access is required for a...

CVSS 5.5 · AI score 7.4 · EPSS 0.00389
Exploits 1 · References 6
The Hacker News
added 2023/03/16 4:47 a.m. · 5 views

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency CISA on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 CVSS score: 8.6, which...

CVSS 9.8 · AI score 7.5 · EPSS 0.97115
Exploits 13
OSV
added 2023/02/24 9:34 a.m. · 3 views

CLSA-2023-1677231280 git: Fix of 4 CVEs

CVE-2022-41903: fix out-of-bounds write caused by integer overflow - CVE-2021-40330: forbid newlines in host and path - CVE-2022-39260: reject too long command line strings - CVE-2023-23946: prevent git-apply from writing behind newly created symbolic links...

CVSS 9.8 · AI score 7.3 · EPSS 0.44268
Exploits 4 · References 1
RedhatCVE
added 2023/02/17 3:59 p.m. · 42 views

CVE-2023-23946

A vulnerability was found in Git. This security issue occurs when feeding a crafted input to "git apply." A path outside the working tree can be overwritten by the user running "git apply." Mitigation Use git apply --stat to inspect a patch before applying; avoid applying one that creates a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01144
Exploits 3 · References 5
SUSE CVE
added 2023/02/16 3:2 a.m. · 6 views

SUSE CVE-2023-23946

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...

CVSS 5 · AI score 6.8 · EPSS 0.01144
Exploits 3 · References 15
Positive Technologies
added 2023/02/16 12:0 a.m. · 6 views

PT-2025-18812 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A warning in the Linux kernel has been resolved. The issue occurs when handling a discover identity message in the USB typec tcpm module. This warning can be triggered by specific...

CVSS 7.8 · AI score 6.1 · EPSS 0.12746
Exploits 16 · References 584