619 matches found
CVE-2026-44647 OneDev: Path Traversal (read capability via Git LFS pointer resolution)
OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...
EUVD-2026-30478
OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...
RLSA-2026:16875 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...
OneDev 路径遍历漏洞
OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-019019)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-019019 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Tenable...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021350 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is...
RHSA-2026:16875 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 8 : git-lfs (ELSA-2026-16875)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-16875 advisory. 3.4.1-10 - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 3.4.1-9 - Rebuild with new Golang - Resolves: RHEL-156637 Tenable...
MiracleLinux 9 : git-lfs-3.6.1-8.el9_7.1 (AXSA:2026-580:05)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-580:05 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...
RHSA-2026:14200 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 9 : git-lfs (ELSA-2026-14200)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-14200 advisory. 3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651 Tenable has extracted the preceding description block directly...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...
RHEL 9 : git-lfs (RHSA-2026:14200)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:14200 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
git-lfs security update
3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651...
RHSA-2026:10712 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHSA-2026:9439 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:9436 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...