Lucene search
+L

171 matches found

nvd
nvd
added yesterday7 views

CVE-2026-38974

Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...

Exploits0References2
ptsecurity
ptsecurity
added yesterday6 views

PT-2026-60333

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.1.0 Description Dulwich fails to perform SSH host key verification within the contrib/paramiko vendor.py file. This lack of verification allows for potential man-in-the-middle attacks during SSH connections...

6.1AI score
Exploits0References4
cve
cve
added yesterday7 views

CVE-2026-38974

CVE-2026-38974 affects Dulwich up to version 1.1.0. The issue is in the SSH-related code path at contrib/paramiko_vendor.py, where SSH host key verification is missing. This absence can allow an attacker to perform a man-in-the-middle potentially compromising authenticity checks during SSH sessio...

6.1AI score
Exploits0References2
osv
osv
added 2 days ago2 views

SUSE-SU-2026:2984-1 Security update for python3-dulwich

This update for python3-dulwich fixes the following issues: - CVE-2026-47734: Do not honour receive.maxInputSize to bound received packs bsc1268138...

5.7CVSS6.1AI score0.00188EPSS
Exploits0References3
fedora
fedora
added 4 days ago10 views

[SECURITY] Fedora 44 Update: python-dulwich-1.2.9-1.fc44

Dulwich is a Python implementation of the Git file formats and protocols. The project is named after the village in which Mr. and Mrs. Git live in the Monty Python sketch...

8.8CVSS6.1AI score0.00635EPSS
Exploits0
opensuse
opensuse
added 2026/07/07 12:0 a.m.3 views

python313-dulwich-1.2.7-1.1 on GA media (moderate)

python313-dulwich-1.2.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:11190-1 Rating: moderate Cross-References: CVE-2015-0838 CVE-2017-16228 CVSS scores: CVE-2017-16228 SUSE : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves 2...

9.8CVSS7AI score0.03394EPSS
Exploits0
osv
osv
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11190-1 python313-dulwich-1.2.7-1.1 on GA media

These are all security issues fixed in the python313-dulwich-1.2.7-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS7.2AI score0.03394EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 5:50 p.m.13 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submoduleupdate / porcelain.clonerecursesubmodules=True yields RCE via attacker-dropped .git/hooks payload...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
osv
osv
added 2026/07/02 5:50 p.m.8 views

GHSA-GFHV-VQV2-4544 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Summary dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious .gitmodules plus a matching tree gitlink whose path is .git/hooks or any...

7.5CVSS6.4AI score0.00448EPSS
Exploits0References4
osv
osv
added 2026/06/29 7:6 a.m.4 views

ROOT-APP-PYPI-CVE-2026-42305 CVE-2026-42305 in rootio-dulwich - Patched by Root

Root has patched CVE-2026-42305 in the rootio-dulwich package for Root:PyPI. Multiple fixed versions available...

8.8CVSS5.8AI score0.00635EPSS
Exploits0
osv
osv
added 2026/06/29 7:6 a.m.7 views

ROOT-APP-PYPI-CVE-2026-42563 CVE-2026-42563 in rootio-dulwich - Patched by Root

Root has patched CVE-2026-42563 in the rootio-dulwich package for Root:PyPI. Multiple fixed versions available...

7.7CVSS5.8AI score0.00555EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/18 8:4 p.m.10 views

CVE-2026-52726

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the...

7.5CVSS6.6AI score0.00448EPSS
Exploits0References5
susecve
susecve
added 2026/06/12 2:27 a.m.11 views

SUSE CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

6.9CVSS6.5AI score0.00635EPSS
Exploits0References3
susecve
susecve
added 2026/06/12 2:27 a.m.10 views

SUSE CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7CVSS5.7AI score0.00555EPSS
Exploits0References3
susecve
susecve
added 2026/06/12 2:25 a.m.12 views

SUSE CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS5.3AI score0.00139EPSS
Exploits0References3
susecve
susecve
added 2026/06/12 2:25 a.m.11 views

SUSE CVE-2026-47734

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

5.7CVSS5.3AI score0.00188EPSS
Exploits0References3
susecve
susecve
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/11 4:50 p.m.13 views

CVE-2026-47712

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. A remote attacker could exploit this vulnerability by crafting a malicious commit subject. When the formatpatch function processes this subject, it could lead to an arbitrary file write, allowing the...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/11 4:47 p.m.13 views

CVE-2026-47734

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. A remote attacker with push access to a Dulwich-based Git server could send a specially crafted thin pack. This crafted pack, with a manipulated delta header, would cause the server to allocate excessive...

6.5CVSS5.5AI score0.00188EPSS
Exploits0References5
nessus
nessus
added 2026/06/11 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-52726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...

9CVSS7.5AI score0.25334EPSS
Exploits32References4
Rows per page
Query Builder