Lucene search
K

4 matches found

CVE
CVE
added 2017/10/04 1:0 a.m.311 views

CVE-2017-1000117

CVE-2017-1000117 is a command-injection vulnerability in Git caused by insufficient validation of ssh:// URL handling, enabling arbitrary code execution when a malicious URL is processed (e.g., via git clone --recurse-submodules or a crafted .gitmodules). The connected advisories confirm the issu...

8.8CVSS7.9AI score0.77823EPSS
CVE
CVE
added 2017/09/28 2:0 p.m.213 views

CVE-2017-14867

CVE-2017-14867 affects Git and is caused by unsafe Perl scripts used to support subcommands (notably cvsserver). Vulnerable builds include Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2. The flaw allows an attacker to execute arbitrar...

9CVSS8.8AI score0.36003EPSS
CVE
CVE
added 2017/10/14 7:0 p.m.202 views

CVE-2017-15298

CVE-2017-15298 is linked to Git up to version 2.14.2, where a vulnerability in how layers of tree objects are handled can allow a remote attacker to cause a denial of service via a crafted repository, with potential disk impact. The issue arises from memory data structure construction that may ex...

5.5CVSS5.3AI score0.01641EPSS
CVE
CVE
added 2017/03/20 12:0 a.m.157 views

CVE-2014-9938

CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...

8.8CVSS8.5AI score0.0232EPSS