Vulnerabilities (CVE)

Vendor filter: Git-scm

Product filter: Git

9 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-17456 | 4 Git-scm, Canonical, Debian and 1 more | 11 Git, Ubuntu Linux, Debian Linux and 8 more | 2019-04-22 | 7.5
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file...
CVE-2018-19486 | 2 Git-scm, Canonical | 2 Git, Ubuntu Linux | 2019-04-11 | 7.5
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to...
CVE-2017-15298 | 2 Git-scm, Canonical | 2 Git, Ubuntu Linux | 2019-03-12 | 4.3
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected...
CVE-2016-2315 | 4 Suse, Git-scm, Novell and 1 more | 10 Linux Enterprise Software Development Kit, Leap, Linux Enterprise Debuginfo and 7 more | 2018-10-30 | 10.0
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CVE-2016-2324 | 4 Suse, Git-scm, Novell and 1 more | 10 Linux Enterprise Software Development Kit, Leap, Linux Enterprise Debuginfo and 7 more | 2018-10-30 | 10.0
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CVE-2018-11235 | 5 Git-scm, Gitforwindows, Canonical and 2 more | 9 Git, Git, Ubuntu Linux and 6 more | 2018-10-21 | 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine...
CVE-2018-11233 | 2 Git-scm, Canonical | 2 Git, Ubuntu Linux | 2018-10-21 | 5.0
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
CVE-2018-1000021 | 1 Git-scm | 1 Git | 2018-03-06 | 6.8
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a...
CVE-2017-1000117 | 1 Git-scm | 1 Git | 2018-01-05 | 6.8
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file...