| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-1387 | 6.8 |
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names
|
26-06-2024 - 10:15 | 18-12-2019 - 21:15 | |
| CVE-2016-2324 | 10.0 |
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
|
21-06-2023 - 15:18 | 08-04-2016 - 14:59 | |
| CVE-2020-5260 | 5.0 |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from se
|
19-03-2021 - 18:21 | 14-04-2020 - 23:15 | |
| CVE-2010-3906 | 4.3 |
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
|
26-01-2021 - 14:55 | 17-12-2010 - 19:00 | |
| CVE-2013-0308 | 4.3 |
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve
|
26-01-2021 - 14:55 | 08-03-2013 - 21:55 | |
| CVE-2018-17456 | 7.5 |
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
|
24-08-2020 - 17:37 | 06-10-2018 - 14:29 | |
| CVE-2020-11008 | 5.0 |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open fo
|
22-05-2020 - 19:15 | 21-04-2020 - 19:15 | |
| CVE-2018-11235 | 6.8 |
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
|
02-05-2020 - 00:15 | 30-05-2018 - 04:29 | |
| CVE-2017-8386 | 6.5 |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr
|
03-10-2019 - 00:03 | 01-06-2017 - 16:29 | |
| CVE-2017-1000117 | 6.8 |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
| CVE-2015-7545 | 7.5 |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execut
|
30-10-2018 - 16:27 | 13-04-2016 - 15:59 |