UBUNTU-CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

Debian: Security Advisory (DSA-3932-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 25 Update: subversion-1.9.6-2.fc25

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

[SECURITY] Fedora 26 Update: subversion-1.9.6-2.fc26

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

DEBIAN-CVE-2017-11353

yadm yet another dotfile manager 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which potentially allows access to SSH and PGP keys...

Deserialization of untrusted data

Versions of Puppet prior to 4.10.1 will deserialize data off the wire from the agent to the server, in this case with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of...

Git: Security bypass

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact A remote attacker...

Debian Security Advisory DSA 3848-1 (git - security update)

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn OpenVAS Vulnerability Test $Id: deb3848.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3848-1...

Jenkins unauthorized code execution vulnerability analysis, updated the vulnerability of the environment, to detect script-vulnerability warning-the black bar safety net

A, summary CloudBees Jenkins 2.32.1 version exists in Java deserialization vulnerability, and ultimately can lead to remote code execution. Jenkins is a continuous integration continuous integration and continuous delivery system, can improve the software development process of the Central Africa...

Jenkins unauthorized code execution vulnerability analysis-vulnerability warning-the black bar safety net

A, summary CloudBees Jenkins 2.32.1 version exists in Java deserialization vulnerability, and ultimately can lead to remote code execution. Jenkins is a continuous integration continuous integration and continuous delivery system, can improve the software development process of the Central Africa...

Reproducing Go binaries byte-by-byte

Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way short of...

HP Version Control Repository Manager Denial of Service Vulnerability (CNVD-2017-02615)

HP Version Control Repository Manager VCRM is an American Hewlett-Packard HP repository for storing software and firmware that supports ProLiant servers. A denial of service vulnerability exists in HPVCRM versions prior to 7.6. A remote attacker could exploit this vulnerability to cause a denial ...

Torvalds Downplays SHA-1 Threat to Git

When researchers demonstrated the first practical collision attack for the cryptographic hash function SHA-1 last week, they also identified related vulnerabilities impacted by the now-compromised algorithm. According to the SHAttered research post, co-authored by Google and a host of cryptograph...

[SECURITY] Fedora 25 Update: viewvc-1.1.26-1.fc25

ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...

HP Version Control Repository Manager < 7.6.0 Multiple Vulnerabilities

According to its self-reported version, the HP Version Control Repository Manager VCRM application installed on the remote Windows host is prior to 7.6.0. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in OpenSSL in x509vfy.c due to improper...

CVS: Heap-based overflow

Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description A heap-based buffer overflow was discovered in the proxyconnect function in src/client.c in CVS. Impact An attacker, utilizing a remo...

AutoLocalPrivilegeEscalation - An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically

An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically This script is created due to Hackademics, there are so much possible exploit for that version of kernel, as a rookie OSCP student, I am not able to find out the correct exploit, al...

HPE Version Control Repository Manager Cross-Site Request Forgery Vulnerability

HPE Version Control Repository Manager VCRM is a repository for storing software and firmware that supports ProLiant servers from HewlettPackardEnterprise HPE, USA. A cross-site request forgery vulnerability exists in HPE Version Control Repository Manager VCRM versions prior to 7.6. A remote...

HPE Version Control Repository Manager File Upload Vulnerability

HPE Version Control Repository Manager VCRM is a repository for storing software and firmware that supports ProLiant servers from HewlettPackardEnterprise HPE, USA. A security vulnerability exists in HPE Version Control Repository Manager VCRM versions prior to 7.6. A remote attacker could exploi...

[SECURITY] Fedora 23 Update: subversion-1.9.4-1.fc23

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...