10056 matches found
CVE-2017-18037
The CVE covers a path traversal flaw in Atlassian Bitbucket Server’s git repository tag rest resource. The problem resides in the tag name handling, allowing remote attackers to read arbitrary files on the server. Affected versions are Bitbucket Server 3.7.0–before 4.14.11 (fixed in 4.14.11), 5.0...
Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 the fixed version for 4.14.x, from version 5.0.0 before 5.0.9 the fixed version for 5.0.x, from version 5.1.0 before 5.1.8 the fixed version for 5.1.x, from version 5.2.0 before 5.2.6 the fixed...
Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 the fixed version for 4.14.x, from version 5.0.0 before 5.0.9 the fixed version for 5.0.x, from version 5.1.0 before 5.1.8 the fixed version for 5.1.x, from version 5.2.0 before 5.2.6 the fixed...
Argument injection in the download commit resource through the at parameter - CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
RDPY - Remote Desktop Protocol in Twisted Python
RDPY is a pure Python implementation of the Microsoft RDP Remote Desktop Protocol protocol client and server side. RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication through ntlmv2 authentication protocol. RDPY...
CVE-2017-14592
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree...
Command injection
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree...
CVE-2017-14592
Sourcetree for macOS is affected by CVE-2017-14592: argument and command injection in Mercurial and Git repo handling, exploitable by a commit permission holder. From version 1.4.0 the issue can be triggered from a webpage via the Sourcetree URI handler. Affected releases are 1.0b2 through before...
CVE-2017-14592
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in lex_white
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=6665888003522560 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
Debian: Security Advisory (DLA-938-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in pdf_lex
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5405217978843136 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_adjust_ft_glyph_width
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5817553579409408 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
gOSINT - Open Source Intelligence Framework
gOSINT is a small OSINT framework in golang, it's actually in development and still not ready for production if you want, feel free to contribute! What gOSINT can do Find mails from git repository Find Dumps for mail address Search for mail address linked to domain/mail address in PGP keyring...
Fedora 27 : fedpkg / rpkg (2017-9cac2b8b4a)
Update - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg rpkg - Ignore TestModulesCli if openidc-client is unavailable cqi - Port mbs-build to rpkg mprahl - Add .vscode to .gitignore mprahl - Fix TestPatch.testrediff in order to run with old version of mock cqi - Allow t...
Fedora 27 : git-annex (2017-fb1ae91f46)
Update to 6.20170925 - https://hackage.haskell.org/package/git-annex-6.20170925/changelog Security fix for CVE-2017-12976. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
Fedora 27 : git (2017-655f0d38c3)
These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes : - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...
Fedora 27 : git (2017-2c7ddf53d3)
Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service memory consumption via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attem...
Directory Traversal
Overview Affected versions of serve-here resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
truffleHog - Searches Through Git Repositories For High Entropy Strings And Secrets, Digging Deep Into Commit History
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. NEW Trufflehog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks hav...