Lucene search
K

126 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/13 12:0 a.m.28 views

CBL Mariner 2.0 Security Update: libgit2 / rust (CVE-2023-22742)

The version of libgit2 / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-22742 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with t...

5.9CVSS5.7AI score0.0058EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.52 views

RHEL 7 : libgit2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux CVE-2020-12279 - A...

8.2AI score0.24014EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/03/15 12:0 a.m.17 views

Mageia: Security Advisory (MGASA-2024-0059)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.01546EPSS
Exploits0References7
Mageia
Mageia
added 2024/03/14 5:25 p.m.50 views

Updated libgit2 packages fix security vulnerabilities

When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. CVE-2023-22742 Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. CVE-2024-24577...

9.8CVSS8.3AI score0.01546EPSS
Exploits0References5
OSV
OSV
added 2024/03/14 5:25 p.m.8 views

MGASA-2024-0059 Updated libgit2 packages fix security vulnerabilities

When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. CVE-2023-22742 Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. CVE-2024-24577...

9.8CVSS8AI score0.01546EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/03/06 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-6678-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.0511EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/03/05 6:46 p.m.46 views

USN-6678-1: libgit2 vulnerabilities

It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.0...

9.8CVSS7.5AI score0.0511EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/05 12:0 a.m.33 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libgit2 vulnerabilities (USN-6678-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6678-1 advisory. It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated...

9.8CVSS7.8AI score0.0511EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/01 12:0 a.m.4 views

PT-2024-41772

Name of the Vulnerable Software and Affected Versions Ceph affected versions not specified Description An issue exists in Ceph related to incorrect certificate checking when using Pybind. This flaw could allow an attacker to perform a Man In the Middle MITM attack, potentially compromising mail...

5.9AI score0.00029EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.5 views

DTS Monitoring Operating System Command Injection Vulnerability

DTS Monitoring is an information system monitoring platform from DTS Corporation. An operating system command injection vulnerability exists in DTS Monitoring version 3.57.0, which originates from the port parameter in the SSL certificate checking function being susceptible to operating system...

9.8CVSS7.4AI score0.01241EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.21 views

SUSE SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1909-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1909-1 advisory. - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364. Tenable has extracted the preceding description block directly from the...

5.9CVSS6.2AI score0.0058EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/04/07 12:0 a.m.35 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1788-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1788-1 advisory. - CVE-2023-22742: Verify ssh remote host keys bsc1207364 Tenable has extracted the preceding description...

5.9CVSS6.1AI score0.0058EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/25 12:0 a.m.29 views

openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1570-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:1570-1 advisory. - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364. Tenable has extracted the preceding description block directly from the SUSE security...

5.9CVSS6.2AI score0.0058EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/02/24 12:0 a.m.22 views

Debian: Security Advisory (DLA-3340-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.0511EPSS
Exploits0References4
Debian
Debian
added 2023/02/23 9:21 p.m.41 views

[SECURITY] [DLA 3340-1] libgit2 security update

Debian LTS Advisory DLA-3340-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost February 23, 2023 https://wiki.debian.org/LTS Package : libgit2 Version : 0.27.7+dfsg.1-0.2+deb10u1 CVE ID : CVE-2020-12278 CVE-2020-12279 CVE-2023-22742 Debian Bug : 1029368 A vulnerabili...

9.8CVSS7.4AI score0.0511EPSS
Exploits0
Veracode
Veracode
added 2023/01/25 8:21 p.m.23 views

Improper Input Validation

libgit2 is vulnerable to Improper Input Validation. When using an SSH remote with the optional libssh2 backend, it does not perform certificate checking by default subjecting to a man-in-the-middle attack...

5.9CVSS6AI score0.0058EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2023/01/24 5:6 a.m.38 views

CVE-2023-22742

A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's...

5.3CVSS6AI score0.0058EPSS
Exploits0References3
NVD
NVD
added 2023/01/20 11:15 p.m.22 views

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...

5.9CVSS5.7AI score0.0058EPSS
Exploits0References7
Prion
Prion
added 2023/01/20 11:15 p.m.26 views

Design/Logic Flaw

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...

2.6CVSS5.8AI score0.0058EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/01/20 11:15 p.m.3 views

UBUNTU-CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...

5.9CVSS5.8AI score0.0058EPSS
Exploits0References7
Rows per page
Query Builder