Vulnerabilities > GIT SCM

DATE CVE VULNERABILITY TITLE RISK
2016-04-08 CVE-2016-2324 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
network
low complexity
suse opensuse git-scm CWE-119
critical
9.8
2016-04-08 CVE-2016-2315 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
network
low complexity
suse opensuse git-scm CWE-119
critical
9.8
2013-03-08 CVE-2013-0308 Improper Input Validation vulnerability in Git-Scm GIT
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
git-scm CWE-20
4.3
2010-12-17 CVE-2010-3906 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
network
git git-scm CWE-79
4.3