rpm package
suse/git&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000117 | Hig | 8.8 | < 2.12.3-27.5.1 | 2.12.3-27.5.1 | Oct 5, 2017 | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an un | |
| CVE-2015-7545 | Cri | 9.8 | < 1.8.5.6-15.1 | 1.8.5.6-15.1 | Apr 13, 2016 | The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in | |
| CVE-2016-2324 | Cri | 9.8 | < 1.8.5.6-18.1 | 1.8.5.6-18.1 | Apr 8, 2016 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | |
| CVE-2016-2315 | Cri | 9.8 | < 1.8.5.6-18.1 | 1.8.5.6-18.1 | Apr 8, 2016 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. |
- affected < 2.12.3-27.5.1fixed 2.12.3-27.5.1
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an un
- affected < 1.8.5.6-15.1fixed 1.8.5.6-15.1
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in
- affected < 1.8.5.6-18.1fixed 1.8.5.6-18.1
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
- affected < 1.8.5.6-18.1fixed 1.8.5.6-18.1
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.