22 matches found
CVE-2026-44849
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...
EUVD-2026-33064
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...
EUVD-2026-33063
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...
EUVD-2023-26861
Malicious code in bioql PyPI...
GHSA-53Q7-4874-24QG Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...
CVE-2023-46238
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-46238 XSS with User Avatar image in ZITADEL
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-46238 XSS with User Avatar image in ZITADEL
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
EulerOS 2.0 SP11 : git (EulerOS-SA-2023-2265)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33....
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2023-113)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-113 advisory. Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked...
GitLab 0.0 < 15.6.8 / 15.7 < 15.7.7 / 15.8 < 15.8.2 (CVE-2023-22490)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into usi...
[SECURITY] Fedora 37 Update: git-2.39.2-1.fc37
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
Vulnerabilities fixed in Git and GitLab
The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the system of the victim's system. The vulnerability is in the way Git handles symbolic...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current git Multiple Vulnerabilities (SSA:2023-046-02)
The version of git installed on the remote host is prior to 2.30.8 / 2.35.7 / 2.39.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-046-02 advisory. - Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5,...
Privilege escalation
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This...
Design/Logic Flaw
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running...
Design/Logic Flaw
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...
CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
CVE-2023-22490 Git vulnerable to local clone-based data exfiltration with non-local transports
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...