Lucene search
K

164 matches found

RedHat Linux
RedHat Linux
added 2020/01/27 8:55 a.m.45 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

9.3CVSS7AI score0.34007EPSS
Exploits0References5
OSV
OSV
added 2020/01/24 10:15 p.m.23 views

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

3.3CVSS6.9AI score
Exploits0References8
Prion
Prion
added 2020/01/24 10:15 p.m.25 views

Command injection

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

3.6CVSS6.1AI score0.00427EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2020/01/24 9:14 p.m.264 views

CVE-2019-1348

CVE-2019-1348 affects Git prior to 2.24.1 (including 2.23.1, 2.22.2, 2.21.1, etc.). The root cause is that the --export-marks feature of git fast-import is exposed through the in-stream command export-marks=... mechanism, which can overwrite arbitrary paths. This creates a local-attack surface wh...

3.6CVSS6.7AI score0.00427EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2020/01/24 9:14 p.m.31 views

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

3.6CVSS7.2AI score0.00427EPSS
Exploits0
OSV
OSV
added 2020/01/14 11:14 p.m.5 views

OPENSUSE-SU-2020:0059-1 Security update for nodejs8

This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. This update was imported from the SUSE:SLE-15:Update upda...

8.1CVSS7.9AI score0.03342EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/01/09 12:0 a.m.43 views

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0043-1)

This update for nodejs8 to version 8.17.0 fixes the following issues : Security issues fixed : CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. Note that Tenable Network Security has extracted the...

8.1CVSS7.2AI score0.03342EPSS
Exploits0References9
OSV
OSV
added 2020/01/08 1:55 p.m.6 views

SUSE-SU-2020:0043-1 Security update for nodejs8

This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...

8.1CVSS7.8AI score0.03342EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/01/02 8:56 a.m.100 views

Important: Red Hat Security Advisory: rh-git218-git security update

An update for rh-git218-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

9.3CVSS7AI score0.34007EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/12/23 12:0 a.m.69 views

Oracle Linux 8 : git (ELSA-2019-4356)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4356 advisory. - Remote code execution in recursive clones with nested submodules Resolves: CVE-2019-1387 Tenable has extracted the preceding description block direct...

9.3CVSS7.7AI score0.34007EPSS
Exploits0References5
Veracode
Veracode
added 2019/12/20 12:15 a.m.30 views

Arbitrary Path Overwriting

Git is vulnerable to arbitrary path overwriting. It is possible via export-marks in-stream command feature...

3.3CVSS4.2AI score0.00427EPSS
Exploits0References12Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/12/20 12:0 a.m.44 views

RHEL 8 : git (RHSA-2019:4356)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4356 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9.3CVSS7.8AI score0.34007EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2019/12/19 7:18 p.m.45 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.3CVSS7AI score0.34007EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2019/12/11 12:0 a.m.72 views

Debian: Security Advisory (DSA-4581-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.34007EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2019/12/11 12:0 a.m.57 views

Ubuntu: Security Advisory (USN-4220-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.34007EPSS
Exploits1References2
OSV
OSV
added 2019/09/27 6:15 p.m.5 views

UBUNTU-CVE-2019-11751

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. Note: this issue...

8.8CVSS7.4AI score0.01062EPSS
Exploits0References3
CNVD
CNVD
added 2019/09/23 12:0 a.m.2 views

QNAP Systems TS-870 File Upload Vulnerability

QNAP Systems TS-870 is a NAS Network Attached Storage appliance from China Weilian QNAP Systems. A file upload vulnerability exists in the QNAP Systems TS-870 using firmware version 4.3.4.0486, which can be exploited by an attacker to upload files to an arbitrary path...

9.1CVSS7.1AI score0.0111EPSS
Exploits0References1
NVD
NVD
added 2019/08/02 1:15 p.m.29 views

CVE-2019-10167

The virConnectGetDomainCapabilities libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients...

8.8CVSS7.7AI score0.00521EPSS
Exploits0References3
OSV
OSV
added 2019/08/02 1:15 p.m.26 views

CVE-2019-10167

The virConnectGetDomainCapabilities libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients...

7.8CVSS6.9AI score0.00521EPSS
Exploits0References3
Prion
Prion
added 2019/08/02 1:15 p.m.26 views

Design/Logic Flaw

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

4.6CVSS8AI score0.00549EPSS
Exploits0References3Affected Software9
Rows per page
Query Builder