CVSS: 10.0EPSS: 8%CPEs: 10EXPL: 0CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2324
16 Mar 2016 — Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Desboradmiento de entero en Git en versiones anteriores a 2.7.4 permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •
CVSS: 9.8EPSS: 6%CPEs: 23EXPL: 1CVE-2015-7545 – git: arbitrary code execution via crafted URLs
https://notcve.org/view.php?id=CVE-2015-7545
16 Dec 2015 — The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. El (1) git-remote-ext y (2) otros programas de ayuda remotos no especificados en Git en versiones anteriores a 2.3.10, 2.4.x en versiones anteriores a 2.4.10, 2.5.x... • https://github.com/avuserow/bug-free-chainsaw • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7082 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7082
10 Dec 2015 — Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. Múltiples vulnerabilidades no especificadas en Git en versiones anteriores a 2.5.4, como se utiliza en Apple Xcode en versiones anteriores a 7.2, tienen impacto y vectores de ataque desconocidos. NOTA: ésta CVE esta asociada solo con casos de uso Xcode. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html •