Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-1000117 | 6.8 |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
CVE-2017-8386 | 6.5 |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr
|
03-10-2019 - 00:03 | 01-06-2017 - 16:29 | |
CVE-2018-11235 | 6.8 |
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
|
03-10-2019 - 00:03 | 30-05-2018 - 04:29 | |
CVE-2018-17456 | 7.5 |
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
|
22-04-2019 - 17:48 | 06-10-2018 - 14:29 | |
CVE-2015-7545 | 7.5 |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execut
|
30-10-2018 - 16:27 | 13-04-2016 - 15:59 | |
CVE-2013-0308 | 4.3 |
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve
|
29-08-2017 - 01:33 | 08-03-2013 - 21:55 | |
CVE-2010-3906 | 4.3 |
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
|
01-03-2011 - 07:06 | 17-12-2010 - 19:00 |