Lucene search
+L

492 matches found

nessus
nessus
added 2025/07/31 12:0 a.m.9 views

Amazon Linux 2 : golang (ALAS-2025-2939)

The version of golang installed on the remote host is prior to 1.23.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2939 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description...

8.6CVSS7.5AI score0.00273EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/07/30 4:37 p.m.7 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS6.3AI score0.00211EPSS
Exploits0References1
nvd
nvd
added 2025/07/29 10:15 p.m.6 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS0.00273EPSS
Exploits0References5
cvelist
cvelist
added 2025/07/29 9:19 p.m.11 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

0.00273EPSS
Exploits0References4
debiancve
debiancve
added 2025/07/29 9:19 p.m.6 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.6AI score0.00273EPSS
Exploits0
osv
osv
added 2025/07/29 9:19 p.m.4 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.8AI score0.00273EPSS
Exploits0References8
osv
osv
added 2025/07/29 9:2 p.m.3 views

GO-2025-3828 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.6AI score0.00273EPSS
Exploits0References3
nvd
nvd
added 2025/07/28 5:15 p.m.5 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS0.00211EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/07/28 4:20 p.m.3 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS6.5AI score0.00211EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/28 4:20 p.m.11 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

4.3CVSS0.00211EPSS
Exploits0References1
cve
cve
added 2025/07/28 4:20 p.m.21 views

CVE-2025-54533

CVE-2025-54533 affects JetBrains TeamCity versions prior to 2025.07. The issue is due to improper access control that allows disclosure of build settings via VCS configuration. The CVE entry lists a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, and low co...

4.3CVSS6.5AI score0.00211EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2025/07/19 12:0 a.m.3 views

CBL Mariner 2.0 Security Update: python3 (CVE-2023-5752)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
osv
osv
added 2025/07/11 6:52 p.m.7 views

MGASA-2025-0205 Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

8.6CVSS7.2AI score0.00273EPSS
Exploits0References4
osv
osv
added 2025/07/11 3:18 p.m.2 views

SUSE-SU-2025:02295-1 Security update for go1.24

This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. bsc1246118...

8.6CVSS7.5AI score0.00273EPSS
Exploits0References4
nessus
nessus
added 2025/07/10 12:0 a.m.17 views

Golang 1.23.x < 1.23.11 / 1.24.x < 1.24.5 Command Execution

The version of Golang running on the remote host is 1.23.x prior to 1.23.11, 1.24.x prior to 1.24.3. It is, therefore, affected by a command execution vulnerability as referenced in 74380 advisory. - Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code...

8.6CVSS7.1AI score0.00273EPSS
Exploits0References3
osv
osv
added 2025/06/30 4:29 a.m.7 views

USN-7603-1 composer vulnerabilities

Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...

8.8CVSS7.1AI score0.03282EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/05/23 6:24 a.m.5 views

CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

9.3CVSS6.7AI score0.0059EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:38 p.m.13 views

CVE-2021-30005

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS...

7.8CVSS7.2AI score0.00847EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 6:35 p.m.9 views

CVE-2021-29263

In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS...

7.8CVSS7.3AI score0.00455EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:16 p.m.11 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...

6.1CVSS7AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder