Git-scm Git
9 CVEs affecting Git-scm Git. Latest disclosed: 2017-10-14. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-2324 | Critical | 9.8 | 2016-04-08 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-… |
| CVE-2016-2315 | Critical | 9.8 | 2016-04-08 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many… |
| CVE-2017-1000117 | High | 8.8 | 2017-10-05 | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on… |
| CVE-2017-14867 | High | 8.8 | 2017-09-29 | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands s… |
| CVE-2014-9938 | High | 8.8 | 2017-03-20 | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code executio… |
| CVE-2017-15298 | Medium | 5.5 | 2017-10-14 | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository… |
| CVE-2013-0308 | | | 2013-03-08 | The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName… |
| CVE-2010-3906 | | | 2010-12-17 | Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp… |
| CVE-2010-2542 | | | 2010-08-11 | Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in… |