
2620 matches found

NVD
added 2017/03/24 3:59 p.m. | 16 views

CVE-2016-10128

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet...

CVSS 9.8 | AI score 9.7 | EPSS 0.01918
Exploits: 0 | References: 9

CVE
added 2017/03/24 3:0 p.m. | 80 views

CVE-2016-10128

CVE-2016-10128 describes a buffer overflow in the Git Smart Protocol handling of libgit2. Specifically, the vulnerability arises in git_pkt_parse_line within transports/smart_pkt.c, allowing remote attackers to cause unspecified impact via a crafted non-flush packet when using libgit2 versions be...

CVSS 9.8 | AI score 9.4 | EPSS 0.01918
Exploits: 0 | References: 9 | Affected Software: 1

CVE
added 2017/03/24 3:0 p.m. | 79 views

CVE-2016-10129

CVE-2016-10129 affects libgit2’s Git Smart Protocol handling: an empty packet line can trigger a NULL pointer dereference, enabling a remote DoS. Public docs confirm the issue and that upstream fixes were implemented in 0.24.6 (and related 0.25.x fixes in other CVEs); affected releases prior to t...

CVSS 7.5 | AI score 8 | EPSS 0.0321
Exploits: 0 | References: 9 | Affected Software: 1

AlpineLinux
added 2017/03/24 3:0 p.m. | 40 views

CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line...

CVSS 7.5 | AI score 8.3 | EPSS 0.0321
Exploits: 0

Ubuntu
added 2017/03/23 12:43 p.m. | 60 views

USN-3243-1: Git vulnerability

It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code...

CVSS 8.8 | AI score 8 | EPSS 0.0075
Exploits: 1

0day.today
added 2017/03/23 12:0 a.m. | 108 views

GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4 / 2.2.1 & Mercurial < 3.2.3 - Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390',...

CVSS 10 | AI score 9.4 | EPSS 0.87365
Exploits: 9

n0where
added 2017/03/20 4:51 a.m. | 54 views

BGP Swiss Army Knife: ExaBGP

ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS. It is routinely used to improve service resilience and provide protection against network or...

AI score 7.1
Exploits: 0 | References: 3

Prion
added 2017/03/20 12:59 a.m. | 24 views

Design/Logic Flaw

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...

CVSS 6.8 | AI score 7.2 | EPSS 0.0075
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2017/03/20 12:59 a.m. | 1 views

DEBIAN-CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...

CVSS 8.8 | AI score 7.4 | EPSS 0.0075
Exploits: 1 | References: 1

NVD
added 2017/03/20 12:59 a.m. | 19 views

CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...

CVSS 8.8 | AI score 8.7 | EPSS 0.0075
Exploits: 1 | References: 3

CVE
added 2017/03/20 12:0 a.m. | 152 views

CVE-2014-9938

CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...

CVSS 8.8 | AI score 8.5 | EPSS 0.0075
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2017/03/20 12:0 a.m. | 23 views

CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...

AI score 8.6 | EPSS 0.0075
Exploits: 1 | References: 3

Debian CVE
added 2017/03/20 12:0 a.m. | 30 views

CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...

CVSS 8.8 | AI score 8.7 | EPSS 0.0075
Exploits: 1

UbuntuCve
added 2017/03/19 12:0 a.m. | 24 views

CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...

CVSS 8.8 | AI score 7.1 | EPSS 0.0075
Exploits: 1 | References: 2

seebug.org
added 2017/03/03 12:0 a.m. | 55 views

2017 Visual Studio Code Workspace settings code execution

The following issue constitutes an arbitrary code execution vulnerability in Visual Studio Code herein referred to as "Code". Users should upgrade to Code 1.9.0 or later. says: Visual Studio Code is a source code editor developed by Microsoft for Windows, Linux and macOS. It includes support for...

AI score 7.7
Exploits: 0

NVD
added 2017/02/13 6:59 p.m. | 16 views

CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

CVSS 7.5 | AI score 6.9 | EPSS 0.00216
Exploits: 0 | References: 5

CVE
added 2017/02/13 6:0 p.m. | 68 views

CVE-2016-10026

The CVE-2016-10026 case concerns ikiwiki version 3.20161219, where the CGI interface enabled with git and recentchanges plugins allows a revision to bypass authorization and revert changes by exploiting page permissions. Technical details indicate the root cause lies in how revision changes are c...

CVSS 7.5 | AI score 7.7 | EPSS 0.00216
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2017/02/13 6:0 p.m. | 33 views

CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

AI score 7.8 | EPSS 0.00216
Exploits: 0 | References: 5

NVD
added 2017/02/03 3:59 p.m. | 18 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file...

CVSS 5.5 | AI score 5.3 | EPSS 0.00438
Exploits: 0 | References: 12

CVE
added 2017/02/03 3:0 p.m. | 89 views

CVE-2016-8569

Vulnerability details (CVE-2016-8569): The libgit2 library (versions before 0.24.3) is affected by a denial-of-service via a NULL pointer dereference in git_commit_message when processing certain crafted objects (cat-file usage). Public advisories in Debian/Ubuntu openSUSE notes confirm the issue...

CVSS 5.5 | AI score 5.3 | EPSS 0.00438
Exploits: 0 | References: 12 | Affected Software: 1