This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Git-Scm
Product: Git
Version: 2.16.0
Update: rc2
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2018-05-30
Last view: 2018-11-23
 
CPE Product cpe:2.3:a:git-scm:git

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2018-11-23 CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

9.8 2018-10-06 CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

7.8 2018-05-30 CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

7.5 2018-05-30 CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

CWE : Common Weakness Enumeration

% id Name
25% (1) CWE-426 Untrusted Search Path
25% (1) CWE-125 Out-of-bounds Read
25% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
25% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f467c36c2b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b10e54263a.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-abfd4c6ac3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-75f7624a9f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-42eab0f5b9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-29afefd172.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1c1a318a0b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-06090dff59.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1136.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1136.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1388.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3408.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1377.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1093.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d5139c4fd6.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1093.nasl - Type: ACT_GATHER_INFO
2018-10-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8c08ab4cd06c11e8b35c001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7d993184f6.nasl - Type: ACT_GATHER_INFO
2018-10-11 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-283-01.nasl - Type: ACT_GATHER_INFO
2018-10-09 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4311.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The version of Atlassian SourceTree installed on the remote host is affected ...
File: atlassian_sourcetree_2_7_6_macosx.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The version of Atlassian SourceTree installed on the remote host is affected ...
File: atlassian_sourcetree_2_6_9.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0053.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0145.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote Fedora host is missing a security update.
File: fedora_2018-94eb743dad.nasl - Type: ACT_GATHER_INFO