Vulnerabilities > GIT SCM > GIT > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-14 CVE-2023-22490 Link Following vulnerability in Git-Scm GIT
Git is a revision control system.
local
low complexity
git-scm CWE-59
5.5
2022-10-19 CVE-2022-39253 Link Following vulnerability in multiple products
Git is an open source, scalable, distributed revision control system.
local
low complexity
git-scm fedoraproject apple debian CWE-59
5.5
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
6.8
2018-05-30 CVE-2018-11233 Out-of-bounds Read vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
network
low complexity
canonical git-scm CWE-125
5.0
2018-02-09 CVE-2018-1000021 Improper Input Validation vulnerability in Git-Scm GIT
GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE.
network
high complexity
git-scm CWE-20
5.0
2017-10-14 CVE-2017-15298 Resource Exhaustion vulnerability in Git-Scm GIT
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb.
4.3
2017-03-20 CVE-2014-9938 Improper Encoding or Escaping of Output vulnerability in Git-Scm GIT
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
network
git-scm CWE-116
6.8
2013-03-08 CVE-2013-0308 Improper Input Validation vulnerability in Git-Scm GIT
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
git-scm CWE-20
4.3
2010-12-17 CVE-2010-3906 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
network
git git-scm CWE-79
4.3