rpm package
suse/git&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/git&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-1350 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1349 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1387 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Dec 18, 2019 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac | ||
| CVE-2019-19604 | — | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Dec 10, 2019 | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | ||
| CVE-2018-17456 | — | < 2.12.3-27.17.2 | 2.12.3-27.17.2 | Oct 6, 2018 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a ' | ||
| CVE-2018-11235 | — | < 2.12.3-27.14.1 | 2.12.3-27.14.1 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm | ||
| CVE-2018-11233 | — | < 2.12.3-27.14.1 | 2.12.3-27.14.1 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. |
- CVE-2019-1350Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1349Jan 24, 2020affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1387Dec 18, 2019affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac
- CVE-2019-19604Dec 10, 2019affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
- CVE-2018-17456Oct 6, 2018affected < 2.12.3-27.17.2fixed 2.12.3-27.17.2
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '
- CVE-2018-11235May 30, 2018affected < 2.12.3-27.14.1fixed 2.12.3-27.14.1
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm
- CVE-2018-11233May 30, 2018affected < 2.12.3-27.14.1fixed 2.12.3-27.14.1
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Page 2 of 2