CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

Github Security Blog•added 2025/01/21 9:13 p.m.•12 views

gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

5CVSS6.8AI score0.00361EPSS

Exploits0References4Affected Software1

OSV•added 2025/01/21 9:13 p.m.•10 views

GHSA-FQMF-W4XH-33RH gix-worktree-state nonexclusive checkout sets executable files world-writable

5CVSS5.6AI score0.00361EPSS

Exploits0References4

SUSE CVE•added 2025/01/21 3:47 a.m.•1 views

SUSE CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

5CVSS6.8AI score0.00361EPSS

Exploits0References4

NVD•added 2025/01/20 4:15 p.m.•13 views

CVE-2025-22620

5CVSS0.00361EPSS

Exploits0References1

OSV•added 2025/01/20 4:15 p.m.•2 views

DEBIAN-CVE-2025-22620

5CVSS5.3AI score0.00361EPSS

Exploits0References1

OSV•added 2025/01/20 4:15 p.m.•3 views

UBUNTU-CVE-2025-22620

5CVSS5.8AI score0.00361EPSS

Exploits0References4

OSV•added 2025/01/18 12:0 p.m.•11 views

RUSTSEC-2025-0001 gix-worktree-state nonexclusive checkout sets executable files world-writable

5CVSS5.6AI score0.00361EPSS

Exploits0References5

RustSec•added 2025/01/18 12:0 p.m.•6 views

gix-worktree-state nonexclusive checkout sets executable files world-writable

5CVSS7.2AI score0.00361EPSS

Exploits0Affected Software1

RedHat Linux•added 2024/06/25 8:30 a.m.•5 views

git: Recursive clones RCE

A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of...

9CVSS7.6AI score0.25334EPSS

Exploits32References5

RedHat Linux•added 2024/06/25 8:24 a.m.•5 views

git: Recursive clones RCE

9CVSS7.6AI score0.25334EPSS

Exploits32References5

SUSE CVE•added 2024/05/23 2:51 a.m.•2 views

SUSE CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8CVSS7.3AI score0.00816EPSS

Exploits0References3

RustSec•added 2024/05/22 12:0 p.m.•9 views

Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

5.4CVSS7.1AI score0.00448EPSS

Exploits0Affected Software1

RustSec•added 2024/05/22 12:0 p.m.•6 views

Refs and paths with reserved Windows device names access the devices

5.4CVSS7.1AI score0.00448EPSS

Exploits0Affected Software1

Tenable Nessus•added 2023/05/13 12:0 a.m.•38 views

RHEL 9 : git (RHSA-2023:2319)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2319 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

8.8CVSS7.6AI score0.02938EPSS

Exploits1References13

AlmaLinux•added 2023/05/09 12:0 a.m.•50 views

Moderate: git security and bug fix update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

8.8CVSS7.4AI score0.02938EPSS

Exploits1References10

OpenVAS•added 2022/07/25 12:0 a.m.•23 views

SUSE: Security Advisory (SUSE-SU-2022:2535-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.1AI score0.00782EPSS

Exploits0References5

OSV•added 2022/04/22 5:7 p.m.•8 views

MGASA-2022-0147 Updated git packages fix security vulnerability

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in /tmp, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs 'git status' or 'git diff' and navigating to a directory which ...

7.8CVSS7.8AI score0.00782EPSS

Exploits0References5

Mageia•added 2022/04/22 5:7 p.m.•104 views

Updated git packages fix security vulnerability

7.8CVSS0.9AI score0.00782EPSS

Exploits0References4

OPENSUSE Linux•added 2021/07/29 12:0 a.m.•87 views

Security update for git (moderate)

openSUSE Security Update: Security update for git Announcement ID: openSUSE-SU-2021:2555-1 Rating: moderate References: 1168930 1183026 1183580 SLE-17838 SLE-18152 Cross-References: CVE-2021-21300 CVSS scores: CVE-2021-21300 NVD : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-21300...

7.5CVSS8.2AI score0.88644EPSS

Exploits5References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by