|Link||package | bugs open | bugs closed | Wiki | GitHub | web search|
|Description||A linkable library for Git|
|CVE-2019-1387||AVG-1075||Medium||Yes||Arbitrary code execution||
A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation...
|CVE-2019-1354||AVG-1075||High||Yes||Arbitrary code execution||
Filenames on Linux/Unix can contain backslashes. On Windows, backslashes are directory separators. Git did not use to refuse to write out tracked files with...
|CVE-2019-1353||AVG-1075||Medium||Yes||Arbitrary code execution||
When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS...
|CVE-2019-1352||AVG-1075||Medium||Yes||Arbitrary code execution||
A security issue has been found in git before 2.24.1 where it was unaware of NTFS Alternate Data Streams, allowing files inside the .git/ directory to be...
|CVE-2019-1351||AVG-1075||Medium||Yes||Arbitrary code execution||
While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual...
|CVE-2019-1350||AVG-1075||Medium||Yes||Arbitrary code execution||
Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs.
|CVE-2019-1349||AVG-1075||Medium||Yes||Arbitrary code execution||
A security issue has been found in git before 2.24.1 when using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate...
|CVE-2019-1348||AVG-1075||High||Yes||Arbitrary code execution||
A security issue has been found in git before 2.24.1 where the --export-marks option of git fast-import is exposed also via the in- stream command feature...
An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the...
|CVE-2016-10129||AVG-131||Medium||Yes||Denial of service||
The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). currently it indicates success, but...
|CVE-2016-10128||AVG-131||High||Yes||Arbitrary code execution||
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted...
|CVE-2016-8569||AVG-45||Low||Yes||Denial of service||
A null pointer dereference has been discovered while showing a malformed object file.
|CVE-2016-8568||AVG-45||Low||Yes||Denial of service||
A heap-based read out-of-bounds access has been discovered while parsing a malformed object file.
|15 Jan 2017||ASA-201701-21||AVG-131||High||multiple issues|
|16 Nov 2016||ASA-201611-17||AVG-45||Low||denial of service|