VYPR

rpm package

opensuse/git&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/git&distro=openSUSE%20Tumbleweed

Vulnerabilities (49)

  • CVE-2022-41903Jan 17, 2023
    affected < 2.39.1-1.1fixed 2.39.1-1.1

    Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer ove

  • CVE-2022-39260Oct 19, 2022
    affected < 2.38.1-1.1fixed 2.38.1-1.1

    Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function

  • CVE-2022-39253Oct 19, 2022
    affected < 2.38.1-1.1fixed 2.38.1-1.1

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and ta

  • CVE-2022-29187Jul 12, 2022
    affected < 2.37.1-1.1fixed 2.37.1-1.1

    Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, fo

  • CVE-2022-24765Apr 12, 2022
    affected < 2.35.3-1.1fixed 2.35.3-1.1

    Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked

  • CVE-2021-21300Mar 9, 2021
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c

  • CVE-2020-11008Apr 21, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred

  • CVE-2020-5260Apr 14, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o

  • CVE-2014-9390Feb 12, 2020
    affected < 2.11.0-1.1fixed 2.11.0-1.1

    Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all

  • CVE-2019-1353Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o

  • CVE-2019-1348Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr

  • CVE-2019-1354Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

  • CVE-2019-1352Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.

  • CVE-2019-1351Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

  • CVE-2019-1350Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

  • CVE-2019-1349Jan 24, 2020
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

  • CVE-2019-1387Dec 18, 2019
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac

  • CVE-2019-19604Dec 10, 2019
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

  • CVE-2018-19486Nov 23, 2018
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

  • CVE-2018-17456CriOct 6, 2018
    affected < 2.33.0-1.3fixed 2.33.0-1.3

    Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '