| Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-5260 | 5.0 |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from se
|
21-11-2024 - 05:33 | 14-04-2020 - 23:15 | |
| CVE-2019-1387 | 6.8 |
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names
|
26-06-2024 - 10:15 | 18-12-2019 - 21:15 | |
| CVE-2016-2324 | 10.0 |
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
|
21-06-2023 - 15:18 | 08-04-2016 - 14:59 | |
| CVE-2018-17456 | 7.5 |
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
|
24-08-2020 - 17:37 | 06-10-2018 - 14:29 | |
| CVE-2020-11008 | 5.0 |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open fo
|
22-05-2020 - 19:15 | 21-04-2020 - 19:15 | |
| CVE-2018-11235 | 6.8 |
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
|
02-05-2020 - 00:15 | 30-05-2018 - 04:29 | |
| CVE-2017-8386 | 6.5 |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr
|
03-10-2019 - 00:03 | 01-06-2017 - 16:29 | |
| CVE-2017-1000117 | 6.8 |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
| CVE-2015-7545 | 7.5 |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execut
|
30-10-2018 - 16:27 | 13-04-2016 - 15:59 |