Git

60 total · sorted by risk
  • CVE-2019-1387 · Dec 18, 2019
    risk 0.00 · cvss · epss 0.04

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted…

  • CVE-2019-19604 · Dec 10, 2019
    risk 0.00 · cvss · epss 0.04

    Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

  • CVE-2018-19486 · Nov 23, 2018
    risk 0.00 · cvss · epss 0.04

    Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

  • CVE-2015-7082 · Dec 11, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.

  • CVE-2013-0308 · Mar 8, 2013
    risk 0.00 · cvss · epss 0.02

    The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid…

  • CVE-2010-2542 · Aug 11, 2010
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

  • CVE-2008-5916 · Jan 21, 2009
    risk 0.00 · cvss · epss 0.00

    gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and…

  • CVE-2008-5516 · Jan 20, 2009
    risk 0.00 · cvss · epss 0.04

    The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.

  • CVE-2008-3546 · Aug 7, 2008
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

  • CVE-2006-0477 · Jan 31, 2006
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
