Lucene search
K

27 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 7:23 p.m.7 views

gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules

Summary gixsubmodule::File::update is the API that gates whether an attacker-supplied .gitmodules file may set update = !. The function is designed to return ErrCommandForbiddenInModulesConfiguration unless the !command value came from a trusted local source .git/config. Git CVE CVE-2019-19604...

9.3CVSS7.2AI score0.03691EPSS
Exploits1References7Affected Software1
Circl
Circl
added 2024/03/10 8:41 a.m.3 views

CVE-2019-19604

creationtimestamp| type| source ---|---|--- 2024-03-10 08:41:52+00:00| seen| https://t.me/ctinow/204145...

9.3CVSS8.3AI score0.03691EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/02/23 12:0 a.m.46 views

Amazon Linux 2 : git (ALAS-2023-1943)

The version of git installed on the remote host is prior to 2.23.1-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1943 advisory. A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite...

9.8CVSS8.6AI score0.34007EPSS
Exploits1References20
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2019-0393)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.7AI score0.34007EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2020:0045-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.34007EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2019:3311-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.34007EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2020/05/04 12:0 a.m.44 views

openSUSE Security Update : git (openSUSE-2020-598)

This update for git fixes the following issues : Security issues fixed : - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted bsc1169936 git was updated to 2.26...

9.8CVSS8.4AI score0.97356EPSS
Exploits24References38
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.46 views

EulerOS Virtualization for ARM 64 3.0.2.0 : git (EulerOS-SA-2020-1537)

According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before...

9.8CVSS8.6AI score0.34007EPSS
Exploits3References11
OpenVAS
OpenVAS
added 2020/04/01 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1361)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.34007EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/02/24 12:0 a.m.38 views

EulerOS 2.0 SP5 : git (EulerOS-SA-2020-1101)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Executio...

9.8CVSS8.1AI score0.34007EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2020/02/24 12:0 a.m.40 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1101)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.34007EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.45 views

openSUSE Security Update : git (openSUSE-2020-123)

This update for git fixes the following issues : Security issues fixed : - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice bsc1158787. - CVE-2019-19604: Fixed a recursive clone...

9.8CVSS7.7AI score0.34007EPSS
Exploits1References20
OpenVAS
OpenVAS
added 2020/01/30 12:0 a.m.63 views

openSUSE: Security Advisory for git (openSUSE-SU-2020:0123_1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.3AI score0.34007EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/01/18 12:0 a.m.35 views

Photon OS 3.0: Git PHSA-2020-3.0-0047

An update of the git package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0047. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid133063; scriptversion"1.6...

9.3CVSS8.9AI score0.03691EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/01/16 12:0 a.m.31 views

Photon OS 1.0: Git PHSA-2019-1.0-0263

An update of the git package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0263. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid132964;...

9.3CVSS8.9AI score0.03691EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/08 12:0 a.m.33 views

Fedora Update for git FEDORA-2019-1cec196e20

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.2AI score0.34007EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/12/19 12:0 a.m.66 views

Amazon Linux 2 : git (ALAS-2019-1371)

Git mistakes some paths for relative paths allowing writing outside of the worktree while cloning CVE-2019-1351 NTFS protections inactive when running Git in the Windows Subsystem for Linux CVE-2019-1353 remote code execution in recursive clones with nested submodules CVE-2019-1387 Arbitrary path...

9.8CVSS7.5AI score0.34007EPSS
Exploits1References10
ArchLinux
ArchLinux
added 2019/12/18 12:0 a.m.42 views

[ASA-201912-6] git: arbitrary code execution

Arch Linux Security Advisory ASA-201912-6 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387 CVE-2019-19604 Package : git Type : arbitrary code execution Remote : Yes Link :...

9.3CVSS1.6AI score0.34007EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2019/12/12 12:0 a.m.32 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (21944144-1b90-11ea-a2d4-001b217b3468)

Gitlab reports : Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

9.8CVSS8.9AI score0.03691EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/12/12 12:0 a.m.53 views

Debian DSA-4581-1 : git - security update

Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. - CVE-2019-1348 It was reported that the --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=..., allowing to overwrite arbitrary paths. ...

9.8CVSS8.1AI score0.34007EPSS
Exploits1References16
Rows per page
Query Builder