Test ID: | 1.3.6.1.4.1.25623.1.1.2.2020.1101 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1101) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'git' package(s) announced via the EulerOS-SA-2020-1101 advisory. |
Description: | Vulnerability Insight:

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. (CVE-2019-1354)

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1352)

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1349)

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. (CVE-2019-1387)

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. (CVE-2019-1348)

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a 'git submodule update' operation can run commands found in the .gitmodules file of a malicious repository. (CVE-2019-19604)

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1350)

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. (CVE-2019-1351)

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as 'WSL') while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. (CVE-2019-1353)

Affected Software/OS: 'git' package(s) on Huawei EulerOS V2.0SP5.

Solution: Please install the updated package(s).

CVSS Score: 9.3

CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |

Common Vulnerability Exposure (CVE) ID: CVE-2019-1348
https://security.gentoo.org/glsa/202003-30
https://security.gentoo.org/glsa/202003-42
https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u
https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
RedHat Security Advisories: RHSA-2020:0228 https://access.redhat.com/errata/RHSA-2020:0228
SuSE Security Announcement: openSUSE-SU-2020:0123 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
SuSE Security Announcement: openSUSE-SU-2020:0598 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Common Vulnerability Exposure (CVE) ID: CVE-2019-1349
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349

Common Vulnerability Exposure (CVE) ID: CVE-2019-1350
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350

Common Vulnerability Exposure (CVE) ID: CVE-2019-1351
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351

Common Vulnerability Exposure (CVE) ID: CVE-2019-1352
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352

Common Vulnerability Exposure (CVE) ID: CVE-2019-1353

Common Vulnerability Exposure (CVE) ID: CVE-2019-1354
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354

Common Vulnerability Exposure (CVE) ID: CVE-2019-1387
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/
https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html
RedHat Security Advisories: RHSA-2019:4356 https://access.redhat.com/errata/RHSA-2019:4356
RedHat Security Advisories: RHSA-2020:0002 https://access.redhat.com/errata/RHSA-2020:0002
RedHat Security Advisories: RHSA-2020:0124 https://access.redhat.com/errata/RHSA-2020:0124 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |