IDCVSSSummaryLast (major) updatePublished
CVE-2018-19486 7.5
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to exec
23-11-2018 - 03:29 23-11-2018 - 03:29
CVE-2018-17456 7.5
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
06-10-2018 - 10:29 06-10-2018 - 10:29
CVE-2018-11235 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
30-05-2018 - 00:29 30-05-2018 - 00:29
CVE-2018-11233 5.0
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
30-05-2018 - 00:29 30-05-2018 - 00:29
CVE-2018-1000021 6.8
GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2017-15298 4.3
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected pro
14-10-2017 - 18:29 14-10-2017 - 18:29
CVE-2017-1000117 6.8
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of
04-10-2017 - 21:29 04-10-2017 - 21:29
CVE-2016-2324 10.0
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
02-12-2016 - 22:24 08-04-2016 - 10:59
CVE-2016-2315 10.0
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
02-12-2016 - 22:24 08-04-2016 - 10:59
Back to Top Mark selected
Back to Top