Product:

Git

(Git\-Scm)
Repositories https://github.com/git/git
#Vulnerabilities 36
Date Id Summary Products Score Patch Annotated
2020-01-24 CVE-2019-1348 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. Git, Leap 3.3
2020-01-24 CVE-2019-1353 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. Git, Leap 9.8
2020-04-21 CVE-2020-11008 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system.... Ubuntu_linux, Debian_linux, Fedora, Git 7.5
2016-04-08 CVE-2016-2315 revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. Git, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_server, Linux_enterprise_software_development_kit, Openstack_cloud, Suse_linux_enterprise_server 9.8
2016-04-08 CVE-2016-2324 Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Git, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_server, Linux_enterprise_software_development_kit, Openstack_cloud, Suse_linux_enterprise_server 9.8
2009-01-20 CVE-2008-5516 The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. Git, Git N/A
2010-08-11 CVE-2010-2542 Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. Git N/A
2020-02-12 CVE-2014-9390 Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2)... Xcode, Egit, Jgit, Git, Libgit2, Mercurial 9.8
2013-03-08 CVE-2013-0308 The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Git N/A
2010-12-17 CVE-2010-3906 Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Git, Git N/A