rpm package

suse/git&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (18)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-21300		—	< 2.26.2-27.43.1	2.26.2-27.43.1	Mar 9, 2021	Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c
CVE-2020-11008		—	< 2.26.2-27.36.1	2.26.2-27.36.1	Apr 21, 2020	Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred
CVE-2020-5260		—	< 2.26.0-27.27.1	2.26.0-27.27.1	Apr 14, 2020	Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o
CVE-2019-1353		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o
CVE-2019-1348		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr
CVE-2019-1354		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
CVE-2019-1352		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
CVE-2019-1351		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
CVE-2019-1350		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
CVE-2019-1349		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Jan 24, 2020	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
CVE-2019-1387		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Dec 18, 2019	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac
CVE-2019-19604		—	< 2.12.3-27.22.1	2.12.3-27.22.1	Dec 10, 2019	Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2018-17456		—	< 2.12.3-27.17.2	2.12.3-27.17.2	Oct 6, 2018	Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '
CVE-2018-11235		—	< 2.12.3-27.14.1	2.12.3-27.14.1	May 30, 2018	In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm
CVE-2018-11233		—	< 2.12.3-27.14.1	2.12.3-27.14.1	May 30, 2018	In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
CVE-2017-1000117	Hig	8.8	< 2.12.3-27.5.1	2.12.3-27.5.1	Oct 5, 2017	A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an un
CVE-2017-14867	Hig	8.8	< 2.12.3-27.9.1	2.12.3-27.9.1	Sep 29, 2017	Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The
CVE-2017-8386	Hig	8.8	< 2.12.3-26.1	2.12.3-26.1	Jun 1, 2017	git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name

CVE-2021-21300Mar 9, 2021
affected < 2.26.2-27.43.1fixed 2.26.2-27.43.1
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a c
CVE-2020-11008Apr 21, 2020
affected < 2.26.2-27.36.1fixed 2.26.2-27.36.1
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ cred
CVE-2020-5260Apr 14, 2020
affected < 2.26.0-27.27.1fixed 2.26.0-27.27.1
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the o
CVE-2019-1353Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none o
CVE-2019-1348Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitr
CVE-2019-1354Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
CVE-2019-1352Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
CVE-2019-1351Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
CVE-2019-1350Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
CVE-2019-1349Jan 24, 2020
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
CVE-2019-1387Dec 18, 2019
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attac
CVE-2019-19604Dec 10, 2019
affected < 2.12.3-27.22.1fixed 2.12.3-27.22.1
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2018-17456Oct 6, 2018
affected < 2.12.3-27.17.2fixed 2.12.3-27.17.2
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '
CVE-2018-11235May 30, 2018
affected < 2.12.3-27.14.1fixed 2.12.3-27.14.1
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm
CVE-2018-11233May 30, 2018
affected < 2.12.3-27.14.1fixed 2.12.3-27.14.1
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
CVE-2017-1000117HigOct 5, 2017
affected < 2.12.3-27.5.1fixed 2.12.3-27.5.1
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an un
CVE-2017-14867HigSep 29, 2017
affected < 2.12.3-27.9.1fixed 2.12.3-27.9.1
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The
CVE-2017-8386HigJun 1, 2017
affected < 2.12.3-26.1fixed 2.12.3-26.1
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name