Critical Photon OS Security Update - PHSA-2020-0047
Updates of 'sysstat', 'unbound', 'ruby', 'ncurses', 'git', 'haproxy', 'libxslt', 'libssh2', 'oniguruma' packages of Photon OS have been released...
Photon OS 1.0: Git PHSA-2019-1.0-0263
An update of the git package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0263. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(132964);...
Photon OS 2.0: Git PHSA-2019-2.0-0196
An update of the git package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0196. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(132971);...
git security update
1.8.3.1-21 - Fix CVE-2019-1387...
Critical Photon OS Security Update - PHSA-2020-3.0-0047
Updates of 'oniguruma', 'ncurses', 'haproxy', 'libxslt', 'libssh2', 'unbound', 'git', 'ruby', 'sysstat' packages of Photon OS have been released...
Remote Code Execution
meta-git is vulnerable to remote code execution. User input is formatted without validation and sanitization inside a command that is subsequently executed using exec in metaGitUpdate.js...
Arbitrary Command Injection
npm-git-publish is vulnerable to arbitrary command injection. The vulnerability exists as gitRemoteUrl and gitRepoDir in lib/publish.ts are not sanitized, and are passed to execSync as a value to be executed...
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by...
SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0045-1)
This update for git fixes the following issues: Security issues fixed: CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). CVE-2019-19604: Fixed a recursive clone...
Fedora Update for git FEDORA-2019-c841bcc3b9
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...
SUSE-SU-2020:0045-1 Security update for git
This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone...
OS Command Injection
git-diff-apply is vulnerable to OS command injection. Lack of validation and sanitization of the remoteUrl parameter allows an attacker to inject arbitrary OS commands via the affected parameter, which is subsequently used in utils.run as a git command...
Fedora Update for git FEDORA-2019-1cec196e20
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...
Command injection
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...
CVE-2019-10776
CVE-2019-10776 affects the package git-diff-apply prior to v0.22.2. The vulnerability stems from unvalidated input in index.js where a run() command is constructed from a user-controlled remoteUrl, enabling OS command injection. Impact could include remote code execution if untrusted input is sup...
LKWA - Lesser Known Web Attack Lab
Lesser Known Web Attack Lab is for intermediate pentesters who want to test and practice lesser-known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable, etc. Write-ups are welcome. Installation: Just clone the repository with git clone https://github.com/weev3/LKWA and mov...