24 matches found

OSV
added 2025/10/09 2:25 p.m., 1 view

SUSE-SU-2025:20855-1 Security update for git

This update for git fixes the following issues: Update to 2.51.0: - CVE-2025-27613: arbitrary writable file creation and truncation in Gitk bsc1245938 - CVE-2025-27614: arbitrary script execution via repo clonation in gitk bsc1245939 - CVE-2025-46835: untrusted repository cloning can lead to...

CVSS 8.6, AI score 7.2, EPSS 0.00603
Exploits 9, References 13

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1407

Malware in sbrugna...

CVSS 9.8, AI score 9.4, EPSS 0.00806
Exploits 1, References 4

Tenable Nessus
added 2025/10/07 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: git (UTSA-2025-877905)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-877905 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...

CVSS 6.3, AI score 8.4, EPSS 0.00025
Exploits 0, References 4

Tenable Nessus
added 2025/09/02 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-48386

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to...

CVSS 6.3, AI score 8.3, EPSS 0.00025
Exploits 0, References 2

OSV
added 2025/08/13 7:29 p.m., 2 views

CLSA-2025-1755113387 Fix CVE(s): CVE-2025-48386

SECURITY UPDATE: security vulnerability patched - debian/patches/CVE-2025-48386.patch: fix buffer overflow in wcsncat to avoid segmentation fault caused by off-by-one error in the wincred credential helper - CVE-2025-48386...

CVSS 6.3, AI score 7.5, EPSS 0.00025
Exploits 0, References 1

OSV
added 2025/07/11 12:22 p.m., 2 views

OESA-2025-1792 git security update

Security Fixes: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config...

CVSS 8, AI score 6.9, EPSS 0.00603
Exploits 9, References 3

SUSE CVE
added 2025/07/09 11:22 p.m., 1 view

SUSE CVE-2025-48386

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

CVSS 5.5, AI score 7.2, EPSS 0.00025
Exploits 0, References 5

NVD
added 2025/07/08 7:15 p.m., 4 views

CVE-2025-48386

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

CVSS 6.3, EPSS 0.00025
Exploits 0, References 2

Vulnrichment
added 2025/07/08 6:23 p.m., 2 views

CVE-2025-48386 Git allows a buffer overflow in 'wincred' credential helper

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

CVSS 6.3, AI score 6.7, EPSS 0.00025
Exploits 0, References 1

Cvelist
added 2025/07/08 6:23 p.m., 6 views

CVE-2025-48386 Git allows a buffer overflow in 'wincred' credential helper

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

CVSS 6.3, EPSS 0.00025
Exploits 0, References 1

OSV
added 2025/07/08 5:0 p.m., 0 views

UBUNTU-CVE-2025-48386

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

CVSS 6.3, AI score 6, EPSS 0.00025
Exploits 0, References 4

Microsoft CVE
added 2025/07/08 2:0 p.m., 5 views

GitHub: CVE-2025-48386 Git Credential Helper Vulnerability

CVE-2025-48386 is regarding a vulnerability in Git where the wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending...

CVSS 6.3, AI score 6.3, EPSS 0.00025
Exploits 0

SUSE CVE
added 2023/02/15 4:8 a.m., 1 view

SUSE CVE-2019-15752

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restar...

CVSS 9.3, AI score 8.7, EPSS 0.45598
Exploits 5, References 3

BDU FSTEC
added 2021/12/07 12:0 a.m., 2 views

The vulnerability of the Docker Desktop for Windows platform, related to the improper assignment of permissions to the docker-credential-wincred.exe file, allows a malicious individual to escalate their privileges.

The vulnerability of the Docker Desktop for Windows platform, which is used for developing and delivering container applications, is related to the incorrect assignment of permissions for the file docker-credential-wincred.exe in the %PROGRAMDATA%\DockerDesktop\version-bin directory. Exploiting...

CVSS 9.3, AI score 7.1, EPSS 0.45598
Exploits 5, References 6, Affected Software 3

VulnCheck KEV
added 2021/11/03 12:0 a.m., 2 views

VulnCheck KEV: CVE-2019-15752

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...

CVSS 9.3, AI score 7.1, EPSS 0.45598
Exploits 5, References 1

OSV
added 2021/06/29 6:26 p.m., 16 views

GHSA-V85C-HGQ5-7PFW Arbitrary Command Injection

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8, AI score 9.7, EPSS 0.00806
Exploits 1, References 3

Github Security Blog
added 2021/06/29 6:26 p.m., 44 views

Arbitrary Command Injection

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8, AI score 6.6, EPSS 0.00806
Exploits 1, References 4, Affected Software 1

CNVD
added 2021/06/29 12:0 a.m., 6 views

Wincred Command Execution Vulnerability

wincred is an open-source Node.js package that uses a Python 3 script to get credentials from the "Windows Credential Manager". A command execution vulnerability exists in wincred, which stems from the possibility of executing arbitrary commands if user input under the control of an attacker is...

CVSS 9.8, AI score 7.2, EPSS 0.00806
Exploits 1, References 1

Cvelist
added 2021/06/28 7:30 a.m., 11 views

CVE-2021-23399 Arbitrary Command Injection

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 7.3, AI score 9.9, EPSS 0.00806
Exploits 1, References 2

CVE
added 2021/06/28 7:30 a.m., 60 views

CVE-2021-23399

CVE-2021-23399 (wincred) affects all versions of the Node.js package wincred. The vulnerability occurs when attacker-controlled input is supplied to the getCredential function, allowing an attacker to execute arbitrary commands due to unsanitized use of the child_process.exec function. This resul...

CVSS 9.8, AI score 8.8, EPSS 0.00806
Exploits 1, References 2, Affected Software 1