Vulnerabilities > GIT SCM > GIT > 2.14.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-30 | CVE-2018-11235 | Path Traversal vulnerability in multiple products In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. | 7.8 |
| 2018-05-30 | CVE-2018-11233 | Out-of-bounds Read vulnerability in multiple products In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | 7.5 |
| 2018-02-09 | CVE-2018-1000021 | Improper Input Validation vulnerability in Git-Scm GIT GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. | 5.0 |
| 2017-10-14 | CVE-2017-15298 | Resource Exhaustion vulnerability in multiple products Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. | 5.5 |
| 2017-10-05 | CVE-2017-1000117 | Open Redirect vulnerability in Git-Scm GIT A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. | 8.8 |
| 2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. | 8.8 |