Vulnerabilities > GIT SCM > GIT > 2.14.1

DATE | CVE | VULNERABILITY TITLE | RISK

2018-05-30 | CVE-2018-11235 | Path Traversal vulnerability in multiple products | 7.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.

2018-05-30 | CVE-2018-11233 | Out-of-bounds Read vulnerability in multiple products | 7.5
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
network | low complexity | canonical git-scm | CWE-125

2018-02-09 | CVE-2018-1000021 | Improper Input Validation vulnerability in Git-Scm GIT | 5.0
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE.
network | high complexity | git-scm | CWE-20

2017-10-14 | CVE-2017-15298 | Resource Exhaustion vulnerability in multiple products | 5.5
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb.
local | low complexity | git-scm canonical | CWE-400

2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products | 8.8
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name.
network | low complexity | git-scm debian | CWE-78