rpm package
opensuse/libgit2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libgit2&distro=openSUSE%20Tumbleweed
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24577 | — | | | < 1.7.2-1.1 | 1.7.2-1.1 | Feb 6, 2024 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary |
| CVE-2024-24575 | — | | | < 1.7.2-2.1 | 1.7.2-2.1 | Feb 6, 2024 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentia |
| CVE-2024-24574 | — | | | < 1.7.2-1.1 | 1.7.2-1.1 | Feb 5, 2024 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in ver |
| CVE-2023-22742 | — | | | < 1.5.1-1.1 | 1.5.1-1.1 | Jan 20, 2023 | libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2' |
| CVE-2022-29187 | — | | | < 1.7.1-3.1 | 1.7.1-3.1 | Jul 12, 2022 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, fo |
| CVE-2022-24765 | — | | | < 1.4.3-1.1 | 1.4.3-1.1 | Apr 12, 2022 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked |
| CVE-2019-1353 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o |
| CVE-2019-1348 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr |
| CVE-2019-1354 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. |
| CVE-2019-1352 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. |
| CVE-2019-1351 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. |
| CVE-2019-1350 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. |
| CVE-2019-1349 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. |
| CVE-2019-1387 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Dec 18, 2019 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac |
| CVE-2018-17456 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Oct 6, 2018 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a ' |
| CVE-2018-10887 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Jul 10, 2018 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacke |
| CVE-2018-11235 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm |
| CVE-2018-8098 | — | | | < 1.1.1-1.2 | 1.1.1-1.2 | Mar 14, 2018 | Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. |
| CVE-2016-10130 | Med | 5.9 | | < 1.1.1-1.2 | 1.1.1-1.2 | Mar 24, 2017 | The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. |
| CVE-2016-10128 | Cri | 9.8 | | < 1.1.1-1.2 | 1.1.1-1.2 | Mar 24, 2017 | Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. |
Page 1 of 2