Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-52726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...

9CVSS7.5AI score0.25334EPSS
Exploits32References4
NVD
NVD
added 2026/06/10 11:16 p.m.23 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2026-47734

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

5.7CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:13 p.m.9 views

EUVD-2026-36195

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 10:13 p.m.20 views

CVE-2026-52726

Technical details about CVE-2026-52726 are not publicly provided in the supplied documents; monitor for updates.

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:11 p.m.9 views

EUVD-2026-36193

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

5.7CVSS5.4AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48568

🔴 CVE-2026-52726 is being exploited for RCE: attackers can drop malicious .git/hooks payloads via Dulwich's submodule path traversal flaw. This bypasses standard protections. Patch immediately to prevent full compromise. NerdieNews CyberSecurity Vulnerability https://t.co/tIoG1l3nqd...

7.5CVSS5.4AI score0.00448EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 10:29 p.m.8 views

GHSA-9277-MP7X-85JF Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS6.3AI score0.00555EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-0019

Malware in sbrugna...

7.5CVSS8.9AI score0.05032EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-16228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in th...

10CVSS7.2AI score0.77823EPSS
Exploits10References2
OSV
OSV
added 2022/05/17 4:14 a.m.5 views

GHSA-4J5J-58J7-6C3W Dulwich Arbitrary code execution via commit with directory path starting with .git

The buildindexfromtree function in index.py in Dulwich versions 0.9.9 and below allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...

9.8CVSS7.7AI score0.05032EPSS
Exploits1References11
CNVD
CNVD
added 2017/10/31 12:0 a.m.1 views

Dulwich Arbitrary Command Execution Vulnerability

Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A security vulnerability exists in versions of Dulwich prior to 0.18.5. The vulnerability can be exploited by a remote attacker to execute arbitra...

9.8CVSS7.6AI score0.03394EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/10/29 8:29 p.m.31 views

CVE-2017-16228

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

9.8CVSS7.1AI score0.03394EPSS
Exploits0References5
PyPA
PyPA
added 2017/10/29 8:29 p.m.4 views

PYSEC-2017-12

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

9.8CVSS7.8AI score0.03394EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2015/04/01 12:0 a.m.3 views

Dulwich 'build_index_from_tree' function arbitrary command execution vulnerability

Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A security vulnerability exists in the 'buildindexfromtree' function in the index.py file in versions of Dulwich prior to 0.9.9. A remote attacker...

7.5CVSS7.6AI score0.05032EPSS
Exploits1References1
OSV
OSV
added 2015/03/31 2:59 p.m.3 views

CVE-2015-0838

Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...

7.5AI score
Exploits0References2
OSV
OSV
added 2015/03/31 2:59 p.m.10 views

CVE-2014-9706

The buildindexfromtree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...

7.3AI score
Exploits0References7
Rows per page
Query Builder