rpm package
suse/git&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32465 | — | < 2.26.2-150000.56.1 | 2.26.2-150000.56.1 | May 14, 2024 | Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repo | ||
| CVE-2024-32021 | — | < 2.26.2-150000.56.1 | 2.26.2-150000.56.1 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as th | ||
| CVE-2024-32020 | — | < 2.26.2-150000.56.1 | 2.26.2-150000.56.1 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source reposito | ||
| CVE-2024-32004 | — | < 2.26.2-150000.56.1 | 2.26.2-150000.56.1 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2 | ||
| CVE-2024-32002 | — | < 2.26.2-150000.56.1 | 2.26.2-150000.56.1 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a | ||
| CVE-2024-24577 | — | < 2.26.2-150000.59.1 | 2.26.2-150000.59.1 | Feb 6, 2024 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary | ||
| CVE-2023-29007 | — | < 2.26.2-150000.50.1 | 2.26.2-150000.50.1 | Apr 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c:: | ||
| CVE-2023-25815 | — | < 2.26.2-150000.50.1 | 2.26.2-150000.50.1 | Apr 25, 2023 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's impli | ||
| CVE-2023-25652 | — | < 2.26.2-150000.50.1 | 2.26.2-150000.50.1 | Apr 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled | ||
| CVE-2023-23946 | — | < 2.26.2-150000.47.1 | 2.26.2-150000.47.1 | Feb 14, 2023 | Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is r | ||
| CVE-2023-22490 | — | < 2.26.2-150000.47.1 | 2.26.2-150000.47.1 | Feb 14, 2023 | Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Gi | ||
| CVE-2022-23521 | — | < 2.26.2-150000.44.1 | 2.26.2-150000.44.1 | Jan 17, 2023 | Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for p | ||
| CVE-2022-41903 | — | < 2.26.2-150000.44.1 | 2.26.2-150000.44.1 | Jan 17, 2023 | Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer ove | ||
| CVE-2022-39260 | — | < 2.26.2-150000.47.1 | 2.26.2-150000.47.1 | Oct 19, 2022 | Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function | ||
| CVE-2022-39253 | — | < 2.26.2-150000.47.1 | 2.26.2-150000.47.1 | Oct 19, 2022 | Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and ta | ||
| CVE-2022-29187 | — | < 2.26.2-150000.41.1 | 2.26.2-150000.41.1 | Jul 12, 2022 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, fo | ||
| CVE-2022-24765 | — | < 2.26.2-150000.36.1 | 2.26.2-150000.36.1 | Apr 12, 2022 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked |
- CVE-2024-32465May 14, 2024affected < 2.26.2-150000.56.1fixed 2.26.2-150000.56.1
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repo
- CVE-2024-32021May 14, 2024affected < 2.26.2-150000.56.1fixed 2.26.2-150000.56.1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as th
- CVE-2024-32020May 14, 2024affected < 2.26.2-150000.56.1fixed 2.26.2-150000.56.1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source reposito
- CVE-2024-32004May 14, 2024affected < 2.26.2-150000.56.1fixed 2.26.2-150000.56.1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2
- CVE-2024-32002May 14, 2024affected < 2.26.2-150000.56.1fixed 2.26.2-150000.56.1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a
- CVE-2024-24577Feb 6, 2024affected < 2.26.2-150000.59.1fixed 2.26.2-150000.59.1
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary
- CVE-2023-29007Apr 25, 2023affected < 2.26.2-150000.50.1fixed 2.26.2-150000.50.1
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::
- CVE-2023-25815Apr 25, 2023affected < 2.26.2-150000.50.1fixed 2.26.2-150000.50.1
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's impli
- CVE-2023-25652Apr 25, 2023affected < 2.26.2-150000.50.1fixed 2.26.2-150000.50.1
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled
- CVE-2023-23946Feb 14, 2023affected < 2.26.2-150000.47.1fixed 2.26.2-150000.47.1
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is r
- CVE-2023-22490Feb 14, 2023affected < 2.26.2-150000.47.1fixed 2.26.2-150000.47.1
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Gi
- CVE-2022-23521Jan 17, 2023affected < 2.26.2-150000.44.1fixed 2.26.2-150000.44.1
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for p
- CVE-2022-41903Jan 17, 2023affected < 2.26.2-150000.44.1fixed 2.26.2-150000.44.1
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer ove
- CVE-2022-39260Oct 19, 2022affected < 2.26.2-150000.47.1fixed 2.26.2-150000.47.1
Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function
- CVE-2022-39253Oct 19, 2022affected < 2.26.2-150000.47.1fixed 2.26.2-150000.47.1
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and ta
- CVE-2022-29187Jul 12, 2022affected < 2.26.2-150000.41.1fixed 2.26.2-150000.41.1
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, fo
- CVE-2022-24765Apr 12, 2022affected < 2.26.2-150000.36.1fixed 2.26.2-150000.36.1
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked