56 matches found
RHEL 8 : git (RHSA-2023:3247)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3247 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
ALSA-2023:3245 Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
USN-6050-2 git vulnerabilities
USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. Original advisory details: It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to...
Fedora 36 : git (2023-003e7d2867)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-003e7d2867 advisory. update to 2.40.1 CVE-2023-25652, CVE-2023-25815, CVE-2023-29007 Refer to the release notes for 2.30.9 for details of each CVE as well as the followi...
Mageia: Security Advisory (MGASA-2023-0163)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Updated git packages fix security vulnerability
By feeding specially crafted input to 'git apply --reject', a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch (CVE-2023-25652). When Git is compiled with runtime prefix support and runs without translated...
SUSE-SU-2023:2081-1 Security update for git
This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686)...
USN-6050-1 git vulnerabilities
It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. (CVE-2023-25652) Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to...
SUSE-SU-2023:2062-1 Security update for git
This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2023:2038-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2038-1 advisory. - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,...
CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
Slackware: Security Advisory (SSA:2023-046-02)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE-SU-2023:0430-1 Security update for git
This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply'...
Acronis: CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
Summary: Hi team, I hope everything goes well. I have found a CSS Injection in Acronis Cloud Management Console (https://mc-beta-cloud.acronis.com/mc) via the colorscheme GET parameter. Description: The flow works as I will comment below. If we go to the URL...
SUSE: Security Advisory (SUSE-SU-2020:0104-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DEBIAN-CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
UBUNTU-CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
PT-2021-18100 · Open Container Initiative +1 · Umoci +1
Name of the Vulnerable Software and Affected Versions: Open Container Initiative umoci versions prior to 0.4.7 Description: The issue allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. This is due...
Aleksa Sarai umoci modifies Open Container images input validation error vulnerability
Aleksa Sarai umoci modifies Open Container images is an open source application from Aleksa Sarai, a reference implementation of the OCI image specification that provides users with the ability to create, manipulate, and interact with container images. A security vulnerability exists in Open...