
10096 matches found

CVE
added 2017/12/21 6:0 a.m. | 63 views

CVE-2017-17831

CVE-2017-17831 affects GitHub Git LFS prior to 2.1.1. A remote attacker can trigger arbitrary command execution by supplying an SSH URL whose hostname starts with the dash character, as parsed from a url = line in a repository’s .lfsconfig. This corresponds to a high-severity impact (CVSS v3.0: 8...

CVSS 8.8 | AI score 8.9 | EPSS 0.00724
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2017/12/21 6:0 a.m. | 25 views

CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

AI score 9 | EPSS 0.00724
Exploits: 1 | References: 5
Atlassian
added 2017/12/21 5:4 a.m. | 44 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS (https://git-lfs.github.com) used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

CVSS 8.8 | AI score 9.3 | EPSS 0.00724
Exploits: 1
Atlassian
added 2017/12/21 5:4 a.m. | 84 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS (https://git-lfs.github.com) used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

CVSS 10 | AI score 9.3 | EPSS 0.17249
Exploits: 1 | Affected Software: 1
Kitploit
added 2017/12/18 9:12 p.m. | 2071 views

JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java Platforms, Frameworks, Applications, etc. Requirements: Python = 2.7.x, urllib3, ipaddress. Installation on Linux\Mac: To install the latest version of JexBoss, please use the following commands: g...

CVSS 9.8 | AI score 10 | EPSS 0.94267
Exploits: 45 | References: 3
Tenable Nessus
added 2017/12/18 12:0 a.m. | 43 views

openSUSE Security Update : mercurial (openSUSE-2017-1388)

This update for mercurial fixes the following issue: CVE-2017-17458: A specially malformed repository may have caused Git subrepositories to run arbitrary code (bsc1071715). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS 10 | AI score 7.4 | EPSS 0.17249
Exploits: 0 | References: 2
Mageia
added 2017/12/16 11:20 p.m. | 79 views

Updated openssl packages fix security vulnerabilities

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

CVSS 5.9 | AI score 6.9 | EPSS 0.42931
Exploits: 2 | References: 3
Fedora
added 2017/12/15 10:12 a.m. | 24 views

[SECURITY] Fedora 27 Update: python-dulwich-0.18.6-1.fc27

Dulwich is a pure-Python implementation of the Git file formats and protocols. The project is named after the village in which Mr. and Mrs. Git live in the Monty Python sketch...

CVSS 9.8 | AI score 2.6 | EPSS 0.00424
Exploits: 0
Tenable Nessus
added 2017/12/11 12:0 a.m. | 30 views

Fedora 25 : git (2017-cdfd888e2e)

Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attem...

CVSS 5.5 | AI score 6.3 | EPSS 0.00446
Exploits: 1 | References: 2
Fedora
added 2017/12/09 4:58 a.m. | 32 views

[SECURITY] Fedora 25 Update: git-2.9.5-3.fc25

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

CVSS 5.5 | AI score 2.4 | EPSS 0.00446
Exploits: 1
OpenVAS
added 2017/12/09 12:0 a.m. | 34 views

Fedora Update for git FEDORA-2017-cdfd888e2e

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.9 | EPSS 0.00446
Exploits: 1 | References: 2
Veracode
added 2017/12/08 2:42 a.m. | 20 views

Arbitrary Code Execution

mercurial is susceptible to arbitrary code execution attacks. The attacker can run arbitrary code in Git subrepositories through a .git/hooks/post-update script checked into the repository after creating a malicious mercurial repository...

CVSS 9.8 | AI score 9.4 | EPSS 0.17249
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2017/12/07 6:29 p.m. | 28 views

PYSEC-2017-90

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 1.9 | EPSS 0.17249
Exploits: 0 | References: 10
Prion
added 2017/12/07 6:29 p.m. | 20 views

Code injection

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 9.3 | EPSS 0.17249
Exploits: 0 | References: 9 | Affected Software: 2
PyPA
added 2017/12/07 6:29 p.m. | 5 views

PYSEC-2017-90

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 7.4 | EPSS 0.17249
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2017/12/07 6:29 p.m. | 1 view

DEBIAN-CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 9.3 | EPSS 0.17249
Exploits: 0 | References: 1
OSV
added 2017/12/07 6:29 p.m. | 1 view

UBUNTU-CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 9.8 | AI score 7 | EPSS 0.17249
Exploits: 0 | References: 5
OSV
added 2017/12/07 6:29 p.m. | 4 views

CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 9.8 | AI score 9.4
Exploits: 0 | References: 9
ATTACKERKB
added 2017/12/07 6:29 p.m. | 4 views

CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 5.9 | EPSS 0.17249
Exploits: 0 | References: 10
UbuntuCve
added 2017/12/07 6:29 p.m. | 30 views

CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 7 | EPSS 0.17249
Exploits: 0 | References: 4