Lucene search
K

619 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 8:8 p.m.10 views

CVE-2026-44647 OneDev: Path Traversal (read capability via Git LFS pointer resolution)

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 8:8 p.m.10 views

EUVD-2026-30478

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:1 p.m.13 views

RLSA-2026:16875 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...

7.8CVSS7.4AI score0.00728EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

9.1CVSS6.6AI score0.00724EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-019019)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-019019 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Tenable...

7.5CVSS6.9AI score0.01403EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021350)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021350 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References4
OSV
OSV
added 2026/05/13 10:14 a.m.16 views

RHSA-2026:16875 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

7.8CVSS7.3AI score0.00728EPSS
Exploits0References33
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.10 views

Oracle Linux 8 : git-lfs (ELSA-2026-16875)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-16875 advisory. 3.4.1-10 - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 3.4.1-9 - Rebuild with new Golang - Resolves: RHEL-156637 Tenable...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

MiracleLinux 9 : git-lfs-3.6.1-8.el9_7.1 (AXSA:2026-580:05)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-580:05 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 10:7 a.m.16 views

RHSA-2026:14200 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

7.8CVSS5.7AI score0.00621EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.7 views

Oracle Linux 9 : git-lfs (ELSA-2026-14200)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-14200 advisory. 3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651 Tenable has extracted the preceding description block directly...

7.5CVSS7.4AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/06 3:34 p.m.16 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/05/06 12:0 a.m.20 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...

7.5CVSS7.4AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

RHEL 9 : git-lfs (RHSA-2026:14200)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:14200 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
Oracle linux
Oracle linux
added 2026/05/06 12:0 a.m.18 views

git-lfs security update

3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651...

7.5CVSS5.8AI score0.00621EPSS
Exploits0
OSV
OSV
added 2026/04/27 10:4 a.m.9 views

RHSA-2026:10712 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

7.5CVSS7.5AI score0.00728EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/04/27 2:11 a.m.10 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 10:11 a.m.7 views

RHSA-2026:9439 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

7.5CVSS5.6AI score0.00728EPSS
Exploits0References11
OSV
OSV
added 2026/04/22 10:11 a.m.7 views

RHSA-2026:9436 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

7.5CVSS5.6AI score0.00728EPSS
Exploits0References11
Rows per page
Query Builder