Download
| Alert*
oval:org.secpod.oval:def:602325
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitary code by injecting commands via crafted URLs. oval:org.secpod.oval:def:1200124 A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user"s system. oval:org.secpod.oval:def:44757 git is installed oval:org.secpod.oval:def:1800994 git is installed oval:org.secpod.oval:def:501721 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1501276 git : arbitrary code execution via crafted URLs oval:org.secpod.oval:def:52657 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it processed an untrusted repository. oval:org.secpod.oval:def:1503229 Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:500354 Git is a fast, scalable, distributed revision control system. A cross-site scripting flaw was found in gitweb, a simple web interface for Git repositories. A remote attacker could perform an XSS attack against victims by tricking them into visiting a specially-crafted gitweb URL. All gitweb users ... oval:org.secpod.oval:def:503491 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:80422 git: fast, scalable, distributed revision control system Details: USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix the issue. This update fixes the problem. Original advisory UNS-5376-1 was missing patches to properly fix the addressed issues. oval:org.secpod.oval:def:503760 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1600966 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. oval:org.secpod.oval:def:1801254 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. Fixed In Version:¶ git 2.19.2 oval:org.secpod.oval:def:1801553 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. Fixed In Version:¶ git 2.19.2 oval:org.secpod.oval:def:1801539 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. Fixed In Version:¶ git 2.19.2 oval:org.secpod.oval:def:1600833 Mishandling layers of tree objectsGit through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its ... oval:org.secpod.oval:def:1801253 CVE-2018-16843: Excessive memory consumption via flaw in HTTP/2 implementation¶ Affected Versions:¶ nginx 1.9.5 - 1.15.5. Fixed In Version:¶ nginx 1.15.6, nginx 1.14.1 oval:org.secpod.oval:def:52385 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it received specially crafted changes from a remote repository. oval:org.secpod.oval:def:109673 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs the core tools with minimal dependencies. To install all git packages, including tools for integrating with othe ... oval:org.secpod.oval:def:62956 Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in u ... oval:org.secpod.oval:def:62955 Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host. oval:org.secpod.oval:def:1500450 git is installed oval:org.secpod.oval:def:62964 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information. oval:org.secpod.oval:def:702381 git is installed oval:org.secpod.oval:def:1500098 Updated git packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:702369 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it received specially crafted changes from a remote repository. oval:org.secpod.oval:def:204185 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:49228 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:89044797 This update for git fixes the following issues: This security issue was fixed: - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name . oval:org.secpod.oval:def:703534 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it explored a specially crafted repository. oval:org.secpod.oval:def:70194 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information. oval:org.secpod.oval:def:38122 git sub packages are installed oval:org.secpod.oval:def:66545 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:702894 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it processed an untrusted repository. oval:org.secpod.oval:def:89044756 This update for git fixes the following issues: - git 2.12.3: * CVE-2017-8386: Fix git-shell not to escape with the starting dash name * Fix for potential segv introduced in v2.11.0 and later * Misc fixes and cleanups. - git 2.12.2: * CLI output fixes * Dump http transport fixes * various fixes for ... oval:org.secpod.oval:def:89044992 This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed oval:org.secpod.oval:def:113268 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:113304 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:113560 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:89419 git: fast, scalable, distributed revision control system Details: USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory USN-5810-1 introduced a regression in Git. oval:org.secpod.oval:def:703035 git: fast, scalable, distributed revision control system Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository. oval:org.secpod.oval:def:110321 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:203883 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:110354 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs the core tools with minimal dependencies. To install all git packages, including tools for integrating with othe ... oval:org.secpod.oval:def:400719 This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code . oval:org.secpod.oval:def:115565 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:115561 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:51026 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:89049768 This update for git fixes the following issues: Security issue fixed: - CVE-2018-19486: Fixed git that executed commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was . oval:org.secpod.oval:def:1700102 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. oval:org.secpod.oval:def:202596 Git is a fast, scalable, distributed revision control system. It was discovered that Git"s git-imap-send command, a tool to send a collection of patches from standard input to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server"s certificate, as it did no ... oval:org.secpod.oval:def:203878 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:501797 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:52743 git: fast, scalable, distributed revision control system Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository. oval:org.secpod.oval:def:1600370 An integer truncation flaw and an integer overflow flaw , both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execu ... oval:org.secpod.oval:def:602429 Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code. oval:org.secpod.oval:def:204548 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:501007 Git is a fast, scalable, distributed revision control system. It was discovered that Git"s git-imap-send command, a tool to send a collection of patches from standard input to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server"s certificate, as it did no ... oval:org.secpod.oval:def:75950 git: fast, scalable, distributed revision control system Git incorrectly handled certain repository paths. oval:org.secpod.oval:def:119578 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:1801872 On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters , Git could be fooled into running remote code during a clone.added edge tag:security v3.10 v3.11 v3.12 v3.13 labels oval:org.secpod.oval:def:1801742 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak oval:org.secpod.oval:def:502084 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1501965 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:52850 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it explored a specially crafted repository. oval:org.secpod.oval:def:44749 It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes ... oval:org.secpod.oval:def:44754 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:44760 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:44763 The host is installed with git and is prone to an input validation error vulnerability. A flaw is present in the application, which fails to handle the terminal configuration to RCE. Successful exploitation could allow attackers to execute arbitrary commands for unverified messages. oval:org.secpod.oval:def:2000349 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, . oval:org.secpod.oval:def:1900095 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messingup terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, . oval:org.secpod.oval:def:703837 git: fast, scalable, distributed revision control system Git be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:1600711 Escape out of git-shellA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command laun ... oval:org.secpod.oval:def:113045 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:113040 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:1600763 Command injection via malicious ssh URLs:A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "c ... oval:org.secpod.oval:def:703599 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network. oval:org.secpod.oval:def:51910 git: fast, scalable, distributed revision control system Git be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:603120 joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has n ... oval:org.secpod.oval:def:1600791 The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations oval:org.secpod.oval:def:51788 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network. oval:org.secpod.oval:def:602873 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". oval:org.secpod.oval:def:112363 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:1501950 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502122 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:502123 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1501964 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:112423 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:703753 git: fast, scalable, distributed revision control system Git could be made run programs as your login if it opened a specially crafted git repository. oval:org.secpod.oval:def:51867 git: fast, scalable, distributed revision control system Git could be made run programs as your login if it opened a specially crafted git repository. oval:org.secpod.oval:def:603052 Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. oval:org.secpod.oval:def:113737 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:52126 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:2000644 Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structu ... oval:org.secpod.oval:def:704401 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:113666 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:113569 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:705440 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information. oval:org.secpod.oval:def:1700329 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 . The fix for that bug still left the door open for an exploit where _some_ credential is leaked . Git uses external "cr ... oval:org.secpod.oval:def:89000402 This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted . Non-security issue fixed: - ... oval:org.secpod.oval:def:2004678 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka "Git for Visual Studio Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. oval:org.secpod.oval:def:89000456 This update for git fixes the following issues: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host . oval:org.secpod.oval:def:2004680 A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka "Git for Visual Studio Tampering Vulnerability". oval:org.secpod.oval:def:2004675 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka "Git for Visual Studio Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. oval:org.secpod.oval:def:604808 Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in u ... oval:org.secpod.oval:def:604807 Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host. oval:org.secpod.oval:def:89000608 This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host . Non-security issue fixed: git was updated to 2.26.0 for SHA256 supp ... oval:org.secpod.oval:def:89047302 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters , Git could run remote code duri ... oval:org.secpod.oval:def:89047158 This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters , Git could be fooled into running remote code during a clone oval:org.secpod.oval:def:126489 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:87851 A vulnerability was found in Git. This security issue occurs when feeding a crafted input to "git apply." A path outside the working tree can be overwritten by the user running "git apply." oval:org.secpod.oval:def:3300000 SUSE Security Update: Security update for git oval:org.secpod.oval:def:610427 Brief introduction CVE-2023-22490 yvvdwf found a data exfiltration vulnerbility while performing local clone from malicious repository even using a non-local transport. CVE-2023-23946 Joern Schneeweisz found a path traversal vulnerbility in git-apply that a path outside the working tree can be overw ... oval:org.secpod.oval:def:87850 A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects d ... oval:org.secpod.oval:def:89460 git: fast, scalable, distributed revision control system Details: USN-5871-1 fixed vulnerabilities in Git. A backport fixing part of the vulnerability in CVE-2023-22490 was required. This update fix this for Linux Mint 19.x LTS. Original advisory USN-5871-1 caused a regression. oval:org.secpod.oval:def:19500074 Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local c ... oval:org.secpod.oval:def:89459 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:89359 Brief introduction CVE-2023-22490 yvvdwf found a data exfiltration vulnerbility while performing local clone from malicious repository even using a non-local transport. CVE-2023-23946 Joern Schneeweisz found a path traversal vulnerbility in git-apply that a path outside the working tree can be overw ... oval:org.secpod.oval:def:1701211 Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local c ... oval:org.secpod.oval:def:1506450 [1.8.3.1-24] - Fixes CVE-2022-23521 and CVE-2022-41903 - Resolves: #2162067 oval:org.secpod.oval:def:89048148 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands . - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file . oval:org.secpod.oval:def:89048144 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands . - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file . oval:org.secpod.oval:def:1701155 Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this p ... oval:org.secpod.oval:def:89048141 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands . - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file . oval:org.secpod.oval:def:3300324 SUSE Security Update: Security update for git oval:org.secpod.oval:def:5800015 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:507552 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:89418 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:124877 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:3300197 SUSE Security Update: Security update for git oval:org.secpod.oval:def:4501207 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:124882 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:1701078 Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone , Git copies the contents of the source's /o ... oval:org.secpod.oval:def:3300217 SUSE Security Update: Security update for git oval:org.secpod.oval:def:3301188 SUSE Security Update: Security update for git oval:org.secpod.oval:def:66509 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1502757 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69922 Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. CVE-2019-1348 It was reported that the --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=..., allowing to overwrite arbitrary paths. CVE-2 ... oval:org.secpod.oval:def:94889 git: fast, scalable, distributed revision control system Details: USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Linux Mint 21.x LTS. Original advisory Git could be made to run arbitrary commands in platforms with multiple users support. oval:org.secpod.oval:def:705310 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:89047416 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree . oval:org.secpod.oval:def:89003300 This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice . - CVE-2019-19604: Fixed a recursive clone followed by a su ... oval:org.secpod.oval:def:1700289 Git mistakes some paths for relative paths allowing writing outside of the worktree while cloning NTFS protections inactive when running Git in the Windows Subsystem for Linux remote code execution in recursive clones with nested submodules Arbitrary path overwriting via export-marks command option ... oval:org.secpod.oval:def:80421 git: fast, scalable, distributed revision control system Git could be made to run arbitrary commands in platforms with multiple users support. oval:org.secpod.oval:def:3300526 SUSE Security Update: Security update for git oval:org.secpod.oval:def:122117 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:89050283 This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice . - CVE-2019-19604: Fixed a recursive clone followed by a su ... oval:org.secpod.oval:def:122124 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:3301028 SUSE Security Update: Security update for git oval:org.secpod.oval:def:1506780 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:707628 git: fast, scalable, distributed revision control system Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs. oval:org.secpod.oval:def:3301239 SUSE Security Update: Security update for git oval:org.secpod.oval:def:89047421 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree . oval:org.secpod.oval:def:507739 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1506656 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:610366 Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell. This update includes two changes of behavior that may ... oval:org.secpod.oval:def:3300891 SUSE Security Update: Security update for git oval:org.secpod.oval:def:507673 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:19500158 Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this p ... oval:org.secpod.oval:def:89333 Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell. This update includes two changes of behavior that may ... oval:org.secpod.oval:def:97714 [CLSA-2023:1677231280] git: Fix of 4 CVEs oval:org.secpod.oval:def:125388 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:507772 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:507774 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:507773 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:1506577 [1.8.3.1-25] - Fixes CVE-2023-25652 and CVE-2023-29007 - Resolves: #2188354, #2188365 oval:org.secpod.oval:def:1506574 [2.39.3-1] - Update to 2.39.3 - Resolves: #2188352, #2188361, #2189976, #2189977 oval:org.secpod.oval:def:91476 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:708119 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:89048817 This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree . * CVE-2023-25815: Fixed malicious placemtn of crafted message . * CVE-2023-29007: Fixed arbitrary configuration injection . oval:org.secpod.oval:def:125696 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:125414 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:1506580 [2.39.3-1] - Update to 2.39.3 - Resolves: #2188364, #2188373, #2190157, #2190158 oval:org.secpod.oval:def:89048777 This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree . * CVE-2023-25815: Fixed malicious placemtn of crafted message . * CVE-2023-29007: Fixed arbitrary configuration injection . oval:org.secpod.oval:def:19500037 Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents . A fix is ... oval:org.secpod.oval:def:4501427 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:89048765 This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree . * CVE-2023-25815: Fixed malicious placemtn of crafted message . * CVE-2023-29007: Fixed arbitrary configuration injection . oval:org.secpod.oval:def:97728 [CLSA-2023:1683814164] git: Fix of 2 CVEs oval:org.secpod.oval:def:89048784 This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree . * CVE-2023-25815: Fixed malicious placemtn of crafted message . * CVE-2023-29007: Fixed arbitrary configuration injection . oval:org.secpod.oval:def:115217 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:51141 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository. oval:org.secpod.oval:def:48098 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:603539 joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules. oval:org.secpod.oval:def:603412 Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file. oval:org.secpod.oval:def:114590 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:704345 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository. oval:org.secpod.oval:def:53338 Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file. oval:org.secpod.oval:def:204959 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:204835 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:704107 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:51048 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:1800993 CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. oval:org.secpod.oval:def:1800995 CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. oval:org.secpod.oval:def:1800999 CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. oval:org.secpod.oval:def:1700086 Git before 2.14.5, allows remote code execution during processing of a recursive quot;git clonequot; of a superproject if a .gitmodules file has a URL field beginning with a #039;-#039; character. oval:org.secpod.oval:def:89049697 This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a "-" character. . oval:org.secpod.oval:def:114589 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:89050466 This update for git fixes the following issues: Security issues fixed: * CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted git was updated to 2.26.1 - Fix git-d ... oval:org.secpod.oval:def:1600894 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ... oval:org.secpod.oval:def:89049598 This update for git to version 2.16.4 fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository oval:org.secpod.oval:def:1700048 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ... oval:org.secpod.oval:def:1502252 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:115254 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ... oval:org.secpod.oval:def:503507 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:89003444 This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive quot;git clonequot; of a superproject if a .gitmodules file has a URL field beginning with a "-" character. . oval:org.secpod.oval:def:1600936 Git before 2.14.5, allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. oval:org.secpod.oval:def:502322 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... |