CVE-2020-7619
https://notcve.org/view.php?id=CVE-2020-7619
02 Apr 2020 — get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. • https://github.com/chardos/get-git-data/blob/master/index.js#L7%2C • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-6114
https://notcve.org/view.php?id=CVE-2012-6114
28 Jan 2020 — The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. • http://www.openwall.com/lists/oss-security/2013/01/22/8 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-10776
https://notcve.org/view.php?id=CVE-2019-10776
07 Jan 2020 — In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. • https://github.com/ossf-cve-benchmark/CVE-2019-10776 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-1387 – git: Remote code execution in recursive clones with nested submodules
https://notcve.org/view.php?id=CVE-2019-1387
10 Dec 2019 — An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html • CWE-20: Improper Input Validation •
CVE-2019-1353 – Gentoo Linux Security Advisory 202003-30
https://notcve.org/view.php?id=CVE-2019-1353
10 Dec 2019 — An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html •
CVE-2019-1348 – git: Arbitrary path overwriting via export-marks in-stream command feature
https://notcve.org/view.php?id=CVE-2019-1348
10 Dec 2019 — An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html • CWE-20: Improper Input Validation •
CVE-2019-19604 – Ubuntu Security Notice USN-4220-1
https://notcve.org/view.php?id=CVE-2019-19604
10 Dec 2019 — Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-862: Missing Authorization •
CVE-2013-1425
https://notcve.org/view.php?id=CVE-2013-1425
07 Nov 2019 — ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. • https://github.com/elmar/ldap-git-backup/commit/a90f3217fce87962db82d212f73af70693087124 • CWE-276: Incorrect Default Permissions •
CVE-2018-19486 – git: Improper handling of PATH allows for commands to be executed from the current directory
https://notcve.org/view.php?id=CVE-2018-19486
23 Nov 2018 — Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. • http://www.securityfocus.com/bid/106020 • CWE-426: Untrusted Search Path •
CVE-2018-17456 – Git Submodule - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2018-17456
06 Oct 2018 — Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. • https://packetstorm.news/files/id/150380 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •