Vulnerabilities > GIT SCM > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2023-02-14 | CVE-2023-22490 | Link Following vulnerability in Git-Scm GIT | 5.5
Git is a revision control system.
local, low complexity; git-scm; CWE-59

2022-10-19 | CVE-2022-39253 | Link Following vulnerability in multiple products | 5.5
Git is an open source, scalable, distributed revision control system.
local, low complexity; git-scm, fedoraproject, apple, debian; CWE-59

2018-05-30 | CVE-2018-11235 | Path Traversal vulnerability in multiple products | 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.

2018-05-30 | CVE-2018-11233 | Out-of-bounds Read vulnerability in multiple products | 5.0
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
network, low complexity; canonical, git-scm; CWE-125

2018-02-09 | CVE-2018-1000021 | Improper Input Validation vulnerability in Git-Scm GIT | 5.0
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE.
network, high complexity; git-scm; CWE-20

2017-10-14 | CVE-2017-15298 | Resource Exhaustion vulnerability in Git-Scm GIT | 4.3
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb.

2017-03-20 | CVE-2014-9938 | Improper Encoding or Escaping of Output vulnerability in Git-Scm GIT | 6.8
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
network; git-scm; CWE-116

2013-03-08 | CVE-2013-0308 | Improper Input Validation vulnerability in Git-Scm GIT | 4.3
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network; git-scm; CWE-20

2010-12-17 | CVE-2010-3906 | Cross-Site Scripting vulnerability in multiple products | 4.3
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
network; git, git-scm; CWE-79