rpm package
suse/git&distro=SUSE Linux Enterprise Server 12 SP3-LTSS
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24765 | Med | 6.0 | < 2.26.2-27.52.1 | 2.26.2-27.52.1 | Apr 12, 2022 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked | |
| CVE-2021-21300 | Hig | 8.0 | < 2.26.2-27.43.1 | 2.26.2-27.43.1 | Mar 9, 2021 | Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c | |
| CVE-2020-11008 | Med | 4.0 | < 2.26.2-27.36.1 | 2.26.2-27.36.1 | Apr 21, 2020 | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred | |
| CVE-2020-5260 | Cri | 9.3 | < 2.26.0-27.27.1 | 2.26.0-27.27.1 | Apr 14, 2020 | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o | |
| CVE-2019-1353 | Cri | 9.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o | |
| CVE-2019-1348 | Low | 3.3 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr | |
| CVE-2019-1354 | Hig | 8.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | |
| CVE-2019-1352 | Hig | 8.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | |
| CVE-2019-1351 | Hig | 7.5 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |
| CVE-2019-1350 | Hig | 8.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | |
| CVE-2019-1349 | Hig | 8.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Jan 24, 2020 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | |
| CVE-2019-1387 | Hig | 8.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Dec 18, 2019 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac | |
| CVE-2019-19604 | Hig | 7.8 | < 2.12.3-27.22.1 | 2.12.3-27.22.1 | Dec 11, 2019 | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. |
- affected < 2.26.2-27.52.1fixed 2.26.2-27.52.1
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked
- affected < 2.26.2-27.43.1fixed 2.26.2-27.43.1
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c
- affected < 2.26.2-27.36.1fixed 2.26.2-27.36.1
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred
- affected < 2.26.0-27.27.1fixed 2.26.0-27.27.1
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac
- affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.