16 matches found
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-2411)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EUVD-2008-2800
Malware in sbrugna...
Vulnerabilities in the "Support per-file encoding" and "Show origin of this line" functions of the Gitk browser allow attackers to gain unauthorized access to create and delete user files.
The vulnerability in the "Support per-file encoding" and "Show origin of this line" functions of the Gitk browser exists because special elements are not neutralized. Exploiting this vulnerability can allow an attacker to gain unauthorized access to create and delete user files...
gitk: Git file creation flaw
A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...
AZL-65076 CVE-2025-27613 affecting package git for versions less than 2.45.4-1
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
ALPINE-CVE-2025-27613
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
DEBIAN-CVE-2025-27613
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
SUSE CVE-2025-27613
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
UBUNTU-CVE-2025-27613
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
TYPO3 cross-site scripting vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 CMS, which stems from a failure to correctly encode user-controlled values in file entities, making ShowImageController susceptible to...
A vulnerability in the jfif_encode() function of the FFJPEG library for encoding and decoding JPEG files allows an attacker to cause a service failure.
The vulnerability in the jfif_encode function of the FFJPEG library for encoding and decoding JPEG files is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to cause service interruptions...
CVE-2019-12402
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress...
CARBANAK Week Part One: A Rare Occurrence
It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this...
[SECURITY] Fedora 26 Update: sharutils-4.15.2-6.fc26
The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through e-mail (which can be problematic for regular binary files). The shar...
Changing system locale means users with non-ASCII characters in their passwords cannot authenticate
The OSUser and Atlassian-User authenticators used by Confluence convert a password into bytes before hashing it. This conversion doesn't specify which encoding should be used, so the system's default encoding is used. If the system administrator changes the locale settings on the server or change...
Fedora 11 : wordpress-2.8.2-1.fc11 (2009-8109)
Tue Jul 28 2009 Adrian Reber - 2.8.2-1 - updated to 2.8.2 for security fixes - BZ 512900 - fixed 'wrong-script-end-of-line-encoding' of license.txt - correctly disable auto update check - fixed an error message from 'find' during the build - Mon Jul 27 2009 Fedora Release Engineering - 2.8.1-2 -...