TencentOS Server 3: git (TSSA-2025:0995)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0995 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

MiracleLinux 8 : git-2.43.5-3.el8_10 (AXSA:2025-9978:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9978:03 advisory. git: The sideband payload is passed unfiltered to the terminal in git CVE-2024-52005 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : git-lfs-3.6.1-4.el9_7 (AXSA:2025-11633:09)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-11633:09 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the...

RHEL 9 : git-lfs (RHSA-2026:0472)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0472 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

MiracleLinux 7 : git-1.8.3.1-25.0.5.el7.AXS7 (AXSA:2025-10788:12)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10788:12 advisory. CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later CVEs:...

MiracleLinux 9 : git-lfs-3.6.1-1.el9 (AXSA:2025-10212:04)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10212:04 advisory. golang: crypto/tls: panic when processing post-handshake message on QUIC connections CVE-2023-39321 golang: crypto/tls: lack of a limit on buffered...

MiracleLinux 7 : git-1.8.3.1-25.0.4.el7.AXS7 (AXSA:2025-10662:11)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10662:11 advisory. CVE-2025-48384: config: quote values containing CR character CVEs: CVE-2025-48384 Git is a fast, scalable, distributed revision control system with an...

MiracleLinux 9 : git-2.47.3-1.el9_6 (AXSA:2025-10640:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10640:10 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...

MiracleLinux 9 : git-lfs-3.6.1-2.el9_6 (AXSA:2025-10545:05)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10545:05 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

MiracleLinux 8 : git-lfs-3.4.1-5.el8_10 (AXSA:2025-10027:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10027:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

MiracleLinux 8 : git-lfs-3.4.1-6.el8_10 (AXSA:2025-11615:08)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-11615:08 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the...

RHEL 8 : git-lfs (RHSA-2026:0460)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0460 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

RHEL 8 : git-lfs (RHSA-2026:0459)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0459 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

MiracleLinux 9 : git-lfs-3.4.1-4.el9_5 (AXSA:2025-9577:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9577:01 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...

MiracleLinux 8 : git-lfs-3.4.1-4.el8_10 (AXSA:2025-9621:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9621:02 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...

RHEL 8 : git-lfs (RHSA-2026:0465)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0465 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

MiracleLinux 9 : git-2.47.1-2.el9_6 (AXSA:2025-10444:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10444:07 advisory. git: The sideband payload is passed unfiltered to the terminal in git CVE-2024-52005 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : git-1.8.3.1-25.0.6.el7.AXS7 (AXSA:2025-10998:13)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10998:13 advisory. CVE-2025-46835: prevent malicious creating and overwriting of user's files CVEs: CVE-2025-46835 Git GUI allows you to use the Git source control management...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...