
10062 matches found

RedHat Linux
added 2018/06/21 5:8 p.m. | 97 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.8 | AI score 7.7 | EPSS 0.4172
Exploits 10 | References 2

Tenable Nessus
added 2018/06/21 12:0 a.m. | 36 views

Oracle Linux 7 : git (ELSA-2018-1957)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1957 advisory. - Backport fix for CVE-2018-1123 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

CVSS 7.8 | AI score 7 | EPSS 0.4172
Exploits 15 | References 2

Tenable Nessus
added 2018/06/21 12:0 a.m. | 38 views

RHEL 7 : git (RHSA-2018:1957)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1957 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serve...

CVSS 7.8 | AI score 8.4 | EPSS 0.4172
Exploits 10 | References 4

Oracle Linux
added 2018/06/20 12:0 a.m. | 49 views

git security update

1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1...

CVSS 7.8 | AI score 1.3 | EPSS 0.4172
Exploits 15

n0where
added 2018/06/18 7:35 p.m. | 26 views

Collecting & Hunting For IOCs With Gusto and Style: rastrea2r

Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador”, “hunter” in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs)...

AI score 7.5
Exploits 0 | References 2

Veracode
added 2018/06/18 11:33 a.m. | 14 views

Command Injection

git-dummy-commit is vulnerable to command injection attacks. The application does not sanitize the filename parameter, allowing a malicious user to inject and execute arbitrary commands...

CVSS 9.8 | AI score 9.8 | EPSS 0.08866
Exploits 1 | References 2 | Affected Software 1

Veracode
added 2018/06/18 10:55 a.m. | 10 views

Remote Code Execution (RCE)

funcster is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...

AI score 8.2
Exploits 0

Veracode
added 2018/06/18 8:52 a.m. | 7 views

Remote Code Execution (RCE)

pullit is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...

AI score 8.2
Exploits 0

IBM Security Bulletins
added 2018/06/18 1:38 a.m. | 36 views

Security Bulletin: Vulnerabilities in git affect PowerKVM

Summary: PowerKVM is affected by vulnerabilities in git. IBM has now addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2017-8386 DESCRIPTION: Git could allow a remote authenticated attacker to gain elevated privileges on the system. By giving a specially crafted repository name wit...

CVSS 8.8 | AI score 2 | EPSS 0.71499
Exploits 12 | Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:30 a.m. | 28 views

Security Bulletin: Vulnerabilities in git affect PowerKVM (CVE-2016-2315, CVE-2016-2324)

Summary: PowerKVM is affected by vulnerabilities in git. These vulnerabilities are now fixed. Vulnerability Details: CVEID: CVE-2016-2315 DESCRIPTION: GIT is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By pushing a specially-crafted repository, a remote...

CVSS 10 | AI score 1.8 | EPSS 0.2205
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:30 a.m. | 25 views

Security Bulletin: A vulnerability in git affects PowerKVM (CVE-2015-7545)

Summary: PowerKVM is affected by a vulnerability in git. This vulnerability is now fixed. Vulnerability Details: CVEID: CVE-2015-7545 DESCRIPTION: GIT could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to properly handle recursive clones of git...

CVSS 9.8 | AI score 2.1 | EPSS 0.31254
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 5:14 a.m. | 24 views

Security Bulletin: Vulnerability affects IBM® Rational Team Concert™ GIT Integration (CVE-2016-2865)

Summary: A vulnerability was discovered in IBM® Rational Team Concert™ GIT Integration that could disclose some sensitive information. Vulnerability Details: CVEID: CVE-2016-2865 DESCRIPTION: IBM Rational Team Concert (RTC) could allow an authenticated user to create a corrupted request to the server...

CVSS 6.5 | AI score 1 | EPSS 0.00202
Exploits 0 | Affected Software 1

Atlassian
added 2018/06/15 1:10 p.m. | 506 views

Linux Git Server - Ampersand (&) in tag is not properly handled when closing a branch

I attempted to close a feature branch. I added the tag that included an ampersand CNT-421&CNTUI-123. The tag that was applied to the branch was CNT-421 as the ampersand was not escaped when running the command in Git. The ampersand was treated the same as an ampersand in Bash, which allows the...

AI score 0.7
Exploits 0 | Affected Software 1

Atlassian
added 2018/06/15 1:10 p.m. | 17 views

Linux Git Server - Ampersand (&) in tag is not properly handled when closing a branch

I attempted to close a feature branch. I added the tag that included an ampersand CNT-421&CNTUI-123. The tag that was applied to the branch was CNT-421 as the ampersand was not escaped when running the command in Git. The ampersand was treated the same as an ampersand in Bash, which allows the...

AI score 0.7
Exploits 0

Cloud Foundry
added 2018/06/14 12:0 a.m. | 48 views

USN-3671-1: Git vulnerabilities | Cloud Foundry

Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when “git clone...

CVSS 7.8 | AI score 8.5 | EPSS 0.4172
Exploits 10

OpenVAS
added 2018/06/14 12:0 a.m. | 42 views

Apple Xcode Code < 9.4.1 Multiple Vulnerabilities

Apple Xcode is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:xcode"; ifdescription...

CVSS 7.8 | AI score 7.8 | EPSS 0.4172
Exploits 10 | References 3

Apple
added 2018/06/13 5:39 a.m. | 85 views

About the security content of Xcode 9.4.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVSS 7.8 | AI score 0.8 | EPSS 0.4172
Exploits 10 | Affected Software 2

Apple
added 2018/06/13 12:0 a.m. | 45 views

About the security content of Xcode 9.4.1

About the security content of Xcode 9.4.1 This document describes the security content of Xcode 9.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 7.8 | AI score 0.2 | EPSS 0.4172
Exploits 10 | References 1 | Affected Software 1

Tenable Nessus
added 2018/06/12 12:0 a.m. | 41 views

Amazon Linux 2 : git (ALAS-2018-1035)

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. (CVE-2018-11233) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4...

CVSS 7.8 | AI score 8 | EPSS 0.4172
Exploits 10 | References 3

Tenable Nessus
added 2018/06/12 12:0 a.m. | 49 views

Amazon Linux AMI : git (ALAS-2018-1035)

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. (CVE-2018-11233) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4...

CVSS 7.8 | AI score 8 | EPSS 0.4172
Exploits 10 | References 3