[SECURITY] [DLA 1495-1] git-annex security update
Package: git-annex. Version: 5.20141125+oops-1+deb8u2. CVE ID: CVE-2017-12976, CVE-2018-10857, CVE-2018-10859. Debian Bug: 873088. The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data...
DLA-1495-1 git-annex - security update
Bulletin has no description...
Debian: Security Advisory (DLA-1495-1)
The remote host is missing an update for the Debian...
Darling - Darwin/macOS Emulation Layer For Linux
Darling is a runtime environment for OS X applications. Please note that no GUI applications are supported at the moment. Download Darling uses many Git submodules, so a plain clone will not do. git clone --recurse-submodules https://github.com/darlinghq/darling.git Updating sources: git pull git...
New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace
Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware. Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary sin...
Rocke: The Champion of Monero Miners
This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we loo...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...
Updated cgit packages fix security vulnerability
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' default is not turned off...
conventional-changelog-semf-config (=1.0.4) potentially affected by CVE-2018-3785 via git-dummy-commit (=1.3.0)
git-dummy-commit NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-dummy-commit and may be impacted: conventional-changelog-semf-config =1.0.4. Source CVEs: CVE-2018-3785. Source advisory: OSV:GHSA-H3C2-X77C-7PVR...
GHSA-H3C2-X77C-7PVR Command Injection in git-dummy-commit
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter...
Command Injection in git-dummy-commit
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter...
git-dummy-commit command injection vulnerability
git-dummy-commit is a code commit package. A command injection vulnerability exists in git-dummy-commit version 1.3.0, which stems from the program failing to encode the 'msg' parameter. An attacker can exploit this vulnerability to execute operating system commands...
[SECURITY] Fedora 27 Update: libgit2-0.26.6-1.fc27
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter...
Command injection
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter...
CVE-2018-3785
CVE-2018-3785 affects git-dummy-commit v1.3.0, where an unescaped parameter allows command injection to execute OS commands. Several sources confirm the issue is a command-injection in the msg/filename handling, enabling remote or local command execution depending on context. Impact is high (OS-l...
Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)
An update of gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq packages for PhotonOS has been released. File data PhotonOSPHSA-2017-0038.nasl...