rpm package
suse/git&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29007 | — | < 2.26.2-27.69.1 | 2.26.2-27.69.1 | Apr 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c:: | ||
| CVE-2023-25815 | — | < 2.26.2-27.69.1 | 2.26.2-27.69.1 | Apr 25, 2023 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's impli | ||
| CVE-2023-25652 | — | < 2.26.2-27.69.1 | 2.26.2-27.69.1 | Apr 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled | ||
| CVE-2023-23946 | — | < 2.26.2-27.66.1 | 2.26.2-27.66.1 | Feb 14, 2023 | Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is r | ||
| CVE-2023-22490 | — | < 2.26.2-27.66.1 | 2.26.2-27.66.1 | Feb 14, 2023 | Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Gi | ||
| CVE-2022-23521 | — | < 2.26.2-27.63.2 | 2.26.2-27.63.2 | Jan 17, 2023 | Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for p | ||
| CVE-2022-41903 | — | < 2.26.2-27.63.2 | 2.26.2-27.63.2 | Jan 17, 2023 | Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer ove | ||
| CVE-2022-29187 | — | < 2.26.2-27.57.1 | 2.26.2-27.57.1 | Jul 12, 2022 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, fo | ||
| CVE-2022-24765 | — | < 2.26.2-27.52.1 | 2.26.2-27.52.1 | Apr 12, 2022 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked | ||
| CVE-2021-21300 | — | < 2.26.2-27.43.1 | 2.26.2-27.43.1 | Mar 9, 2021 | Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c | ||
| CVE-2020-11008 | — | < 2.26.2-27.36.1 | 2.26.2-27.36.1 | Apr 21, 2020 | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred | ||
| CVE-2020-5260 | — | < 2.26.0-27.27.1 | 2.26.0-27.27.1 | Apr 14, 2020 | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o | ||
| CVE-2019-1353 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o | ||
| CVE-2019-1348 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr | ||
| CVE-2019-1354 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | ||
| CVE-2019-1352 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1351 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | ||
| CVE-2019-1350 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1349 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1387 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Dec 18, 2019 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac |
- CVE-2023-29007Apr 25, 2023affected < 2.26.2-27.69.1fixed 2.26.2-27.69.1
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::
- CVE-2023-25815Apr 25, 2023affected < 2.26.2-27.69.1fixed 2.26.2-27.69.1
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's impli
- CVE-2023-25652Apr 25, 2023affected < 2.26.2-27.69.1fixed 2.26.2-27.69.1
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled
- CVE-2023-23946Feb 14, 2023affected < 2.26.2-27.66.1fixed 2.26.2-27.66.1
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is r
- CVE-2023-22490Feb 14, 2023affected < 2.26.2-27.66.1fixed 2.26.2-27.66.1
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Gi
- CVE-2022-23521Jan 17, 2023affected < 2.26.2-27.63.2fixed 2.26.2-27.63.2
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for p
- CVE-2022-41903Jan 17, 2023affected < 2.26.2-27.63.2fixed 2.26.2-27.63.2
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer ove
- CVE-2022-29187Jul 12, 2022affected < 2.26.2-27.57.1fixed 2.26.2-27.57.1
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, fo
- CVE-2022-24765Apr 12, 2022affected < 2.26.2-27.52.1fixed 2.26.2-27.52.1
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked
- CVE-2021-21300Mar 9, 2021affected < 2.26.2-27.43.1fixed 2.26.2-27.43.1
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c
- CVE-2020-11008Apr 21, 2020affected < 2.26.2-27.36.1fixed 2.26.2-27.36.1
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred
- CVE-2020-5260Apr 14, 2020affected < 2.26.0-27.27.1fixed 2.26.0-27.27.1
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o
- CVE-2019-1353Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o
- CVE-2019-1348Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr
- CVE-2019-1354Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
- CVE-2019-1352Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1351Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
- CVE-2019-1350Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1349Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1387Dec 18, 2019affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac
Page 1 of 2