Lucene search
+L

511 matches found

almalinux
almalinux
added 2026/02/09 12:0 a.m.9 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...

7.5CVSS5.7AI score0.00459EPSS
Exploits2References4
nessus
nessus
added 2026/01/27 12:0 a.m.5 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Git LFS vulnerabilities (USN-7977-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7977-1 advisory. Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for...

8.6CVSS6.2AI score0.0104EPSS
Exploits0References3
openvas
openvas
added 2026/01/27 12:0 a.m.15 views

Ubuntu: Security Advisory (USN-7977-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS5.9AI score0.0104EPSS
Exploits0References2
osv
osv
added 2026/01/26 1:50 p.m.9 views

USN-7977-1 git-lfs vulnerabilities

Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. CVE-2024-53263 It was discovered that Git LFS could have its git lfs checkout and git lfs...

8.6CVSS7.2AI score0.0104EPSS
Exploits0References3
snyk
snyk
added 2026/01/23 12:31 a.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker can remove LFS locks from repositories they do not own by leveraging write access to a...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/01/22 10:1 p.m.4 views

CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References5
osv
osv
added 2026/01/22 10:1 p.m.9 views

CVE-2026-20897 Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References10
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : git-lfs-3.4.1-4.el9_4 (AXSA:2024-8856:07)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8856:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

7.5CVSS7.6AI score0.01127EPSS
Exploits0References2
nessus
nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 8 : git-lfs-3.4.1-2.el8 (AXSA:2024-8248:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8248:04 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...

7.5CVSS7.1AI score0.91969EPSS
Exploits1References5
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : git-lfs-2.13.3-3.el8 (AXSA:2022-3920:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3920:02 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...

7.5CVSS7.1AI score0.02607EPSS
Exploits5References10
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : git-lfs-3.4.1-3.el8_10 (AXSA:2024-8855:06)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8855:06 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

7.5CVSS7.8AI score0.01127EPSS
Exploits0References2
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : git-lfs-3.2.0-3.el8_9 (AXSA:2024-7734:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7734:01 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288,VU421644.3 Tenable has extracted the preceding description...

7.5CVSS7.3AI score0.91969EPSS
Exploits1References2
nessus
nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : git-lfs-3.2.0-1.el9 (AXSA:2023-5844:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5844:01 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: net/http/httputil: ReverseProxy should not forward...

7.5CVSS7.2AI score0.05623EPSS
Exploits4References11
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : git-lfs-3.2.0-2.el8 (AXSA:2023-5956:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5956:02 advisory. golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: regexp/syntax: limit memory used by...

7.5CVSS7.7AI score0.05623EPSS
Exploits1References4
osv
osv
added 2026/01/14 10:39 a.m.5 views

RHSA-2026:0465 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.1CVSS6.9AI score0.00697EPSS
Exploits0References12
nessus
nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : git-lfs-3.6.1-2.el9_6 (AXSA:2025-10545:05)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10545:05 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

9.1CVSS7.2AI score0.00778EPSS
Exploits0References2
nessus
nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : git-lfs-3.4.1-4.el8_10 (AXSA:2025-9621:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9621:02 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...

8.5CVSS7.3AI score0.0104EPSS
Exploits0References2
nessus
nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : git-lfs-3.4.1-4.el9_5 (AXSA:2025-9577:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9577:01 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...

8.5CVSS7.3AI score0.0104EPSS
Exploits0References2
nessus
nessus
added 2026/01/13 12:0 a.m.4 views

RHEL 8 : git-lfs (RHSA-2026:0459)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0459 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

8.6CVSS5.3AI score0.00697EPSS
Exploits0References4
nessus
nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : git-lfs-3.4.1-5.el8_10 (AXSA:2025-10027:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10027:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

9.1CVSS7.2AI score0.00778EPSS
Exploits0References2
Rows per page
Query Builder