
CVSS: 9.8 | EPSS: 0% | CPEs: 12 | EXPL: 0

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
The IEC870IP driver for Vijeo Citect and Citect SCADA from AVENA, and for Power SCADA Operation from Schneider Electric, has a buffer overflow vulnerability that could result in a server-side crash.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com https://security.gentoo.org/glsa/202003-30
• CWE: none listed

CVSS: 9.3 | EPSS: 0% | CPEs: 10 | EXPL: 1

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://www.openwall.com/lists/oss-security/2019/12/13/1 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCYSSCA5ZTEP46SB4XRPSQGFV2L3NKMZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mes
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-862: Missing Authorization

CVSS: 3.6 | EPSS: 0% | CPEs: 12 | EXPL: 0

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.
A flaw was found in the git fast-import command, where the export-marks feature may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command: by using the export-marks feature they can overwrite arbitrary files, but would not have complete control over the content of the file.
• References: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html https://access.redhat.com/errata/RHSA-2020:0228 https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com https://security.gentoo.org/glsa/202003-30 https://security.gentoo.org/glsa/202003-42 https://support.apple.com/kb/HT210729 https:/&#
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
• References: https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 2% | CPEs: 4 | EXPL: 0

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
• References: http://www.securityfocus.com/bid/106020 http://www.securitytracker.com/id/1042166 https://access.redhat.com/errata/RHSA-2018:3800 https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60 https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt https://security.gentoo.org/glsa/201904-13 https://usn.ubuntu.com/3829-1 https://access.redhat.com/security/cve/CVE-2018-19486 https://bugzilla.redhat.com/show_bug.cgi&
• CWE-426: Untrusted Search Path