[SECURITY] [DLA 938-1] git security update

Package : git Version : 1:1.7.10.4-1+wheezy4 CVE ID : CVE-2017-8386 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". For Debian 7 "Wheezy", these...

[SECURITY] [DSA 3848-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3848-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3848-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3848-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq -...

DSA-3848-1 git - security update

Bulletin has no description...

Debian Security Advisory DSA 3848-1 (git - security update)

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn OpenVAS Vulnerability Test $Id: deb3848.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3848-1...

CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with...

DLA-938-1 git - security update

Bulletin has no description...

UBUNTU-CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with...

Debian: Security Advisory (DSA-3848-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GitLab Cross-Site Scripting Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...

Atlassian SourceTree 2.5c Client URL Handler Command Injection

Author: redrain, hongyu-sat360.cn Date: 2017-03-02 Version:2.5c and prior Platform: macOS, Windows, Linux Desktop Site: https://www.sourcetreeapp.com Vendor: Atlassian Vendor Notified: 2017-03-02 Technical Details: ======================================== SourceTree v2.5c and prior are affected b...

Web Exploit Detector - Tool To Detect Possible Infections, Malicious Code And Suspicious Files In Web Hosting Environments

The Web Exploit Detector is a Node.js application and NPM module used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites. Running the application will generate a list of...

x86 to LLVM Bitcode Translation Framework: McSema

x86 to LLVM Bitcode Translation Framework McSema lifts x86 and amd64 binaries to LLVM bitcode modules. McSema support both Linux and Windows binaries, and most x86 and amd64 instructions, including integer, FPU, and SSE operations. McSema is separated into two conceptual parts: control flow...

EulerOS 2.0 SP1 : git (EulerOS-SA-2016-1009)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain...

EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2016-1019)

According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository...

kaosx.tk XSS vulnerability

Vulnerable URL: http://kaosx.tk/packages/pkg-ls.php?package=git-2.12.0-1-x8664.pkg.tar.xz"';--=build Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1470670 VIP website status:| No...

Nextcloud: GIT Detected

Hello team, While i was testing nextcloud.com, I've detected GIT repository files. GIT repository files can disclose GIT repository usernames and file lists. While disclosures of this type do not provide direct attack vectors, they can be useful for an attacker when combined with other...

GitLab: Stored XSS on Files overview by abusing git submodule URL

Vulnerability description There's a stored Cross-Site Scripting XSS vulnerability in the Files overview of a project due to the incorrect handling of a git submodule. This allows an attacker to execute JavaScript in a visitor's session. Proof of concept To reproduce the issue, the attacker needs ...

USN-3243-1: Git vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious...

Fedora 24 : tcpreplay (2017-7980b5e846)

Here is what is fixed in this release : - Fix reporting of rates 1Mbps 348 - Option --unique-ip not working properly 346 ---- Features and fixes include : - MAC rewriting capabilities by Pedro Arthur 313 - Fix several issues identified by Coverity 305 - Packet distortion --fuzz-seed option by...