EUVD-2013-4322
Malware in sbrugna...
EUVD-2010-2456
Malware in sbrugna...
EUVD-2018-8762
Malware in sbrugna...
EUVD-2013-6986
Malware in sbrugna...
EUVD-2011-1573
Malware in sbrugna...
EUVD-2012-4435
Malware in sbrugna...
EUVD-2018-13230
Malware in sbrugna...
EUVD-2022-33573
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-16976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being...
Linux Distros Unpatched Vulnerability : CVE-2018-20683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a bad impact by...
CVE-2022-29171
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...
CVE-2010-2447
gitolite before 1.4.1 does not filter src/ or hooks/ from path names...
OPENSUSE-SU-2024:10789-1 gitolite-3.6.12-1.6 on GA media
These are all security issues fixed in the gitolite-3.6.12-1.6 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2012-4506
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name...
SUSE CVE-2013-4451
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) /.gitolite.rc, (2) /.gitolite, or (3) /repositories/gitolite-admin.git on fresh installs...
SUSE CVE-2018-16976
Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...
SUSE CVE-2018-20683
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P...
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the host parameter on the /list-gitolite endpoint. An attacker can inject commands by sending local requests to the vulnerable endpoint. Remediation: Upgrade...
CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
Command injection
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...