rpm package
suse/git&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-1353 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o | ||
| CVE-2019-1348 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr | ||
| CVE-2019-1354 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | ||
| CVE-2019-1352 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1351 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | ||
| CVE-2019-1350 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1349 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | ||
| CVE-2019-1387 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Dec 18, 2019 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac | ||
| CVE-2019-19604 | — | < 2.16.4-3.17.2 | 2.16.4-3.17.2 | Dec 10, 2019 | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | ||
| CVE-2018-19486 | — | < 2.16.4-3.9.2 | 2.16.4-3.9.2 | Nov 23, 2018 | Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | ||
| CVE-2018-17456 | — | < 2.16.4-3.6.1 | 2.16.4-3.6.1 | Oct 6, 2018 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a ' | ||
| CVE-2018-11235 | — | < 2.16.4-3.3.2 | 2.16.4-3.3.2 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm | ||
| CVE-2018-11233 | — | < 2.16.4-3.3.2 | 2.16.4-3.3.2 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. |
- CVE-2019-1353Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o
- CVE-2019-1348Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr
- CVE-2019-1354Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
- CVE-2019-1352Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1351Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
- CVE-2019-1350Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1349Jan 24, 2020affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- CVE-2019-1387Dec 18, 2019affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac
- CVE-2019-19604Dec 10, 2019affected < 2.16.4-3.17.2fixed 2.16.4-3.17.2
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
- CVE-2018-19486Nov 23, 2018affected < 2.16.4-3.9.2fixed 2.16.4-3.9.2
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
- CVE-2018-17456Oct 6, 2018affected < 2.16.4-3.6.1fixed 2.16.4-3.6.1
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '
- CVE-2018-11235May 30, 2018affected < 2.16.4-3.3.2fixed 2.16.4-3.3.2
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm
- CVE-2018-11233May 30, 2018affected < 2.16.4-3.3.2fixed 2.16.4-3.3.2
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.