88 matches found
EulerOS 2.0 SP9 : librepo (EulerOS-SA-2020-2431)
According to the version of the librepo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote...
openSUSE Security Update : fossil (openSUSE-2020-1478)
This update for fossil fixes the following issues : - fossil 2.12.1 : - CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code boo1175760 - Security fix in the 'fossil git export' command. New 'safety-net' features were added to...
Oracle Linux 8 : librepo (ELSA-2020-3658)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3658 advisory. 1.11.0-3 - Validate paths read from repomd.xml RhBug:1866498 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system v...
CVE-2020-14352
CVE-2020-14352 : Librepo before 1.12.1 contains a directory traversal vulnerability due to inadequate sanitization of paths in remote repository metadata. An attacker hosting a remote repository could copy files outside the destination directory by crafting repository metadata/URLs, potentially e...
CVE-2020-14352
A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...
Command Injection in sh0ji/git-tags-remote
Overview: git-tags-remote is a package for getting remote repository tags. This package is vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call in the get function. This can allow attackers to execute arbitrary code in the system if the...
CVE-2013-2294
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in...
CVE-2013-2294
CVE-2013-2294 concerns ViewGit, with XSS vulnerabilities in the web UI prior to 0.0.7. The issues are triggered when a remote repository user injects malicious data via git branch or tag names, affecting the Shortlog table in templates/shortlog.php and the Heads table in templates/summary.php. The v...
CVE-2013-1910
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository...
UBUNTU-CVE-2013-1910
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository...
Design/Logic Flaw
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository...
CVE-2013-1910
Removed by vendor...
CVE-2013-1910
CVE-2013-1910 affects the yum package, where improper handling of bad metadata can cause a denial of service and potentially other unspecified impact via a Trojan horse file in the metadata of a remote repository. The vulnerability is documented with high/critical severity (CVSS 2.0/3.1) and is r...
Apache Archiva Input Validation Error Vulnerability
Apache Archiva is a suite of software from the Apache Software Foundation for managing one or more remote repositories. The software provides features such as remote repository agents, role-based secure access management, and usage reporting. An input validation error vulnerability exists in...