Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-28955
git-bug prior to 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
Git-bug Project Git-bug
9.8
CVSSv3
CVE-2020-28490
The package async-git prior to 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
Async-git Project Async-git
9.8
CVSSv3
CVE-2021-3190
The async-git package prior to 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
Async-git Project Async-git
9.8
CVSSv3
CVE-2021-3028
git-big-picture prior to 1.0.0 mishandles ' characters in a branch name, leading to code execution.
Git-big-picture Project Git-big-picture
1 Github repository
9.8
CVSSv3
CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
Apache Struts
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Hospitality Opera 5 5.6
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Mysql Enterprise Monitor 8.0.23
Oracle Communications Diameter Intelligence Hub 8.2.3
Oracle Communications Diameter Intelligence Hub 8.0.0
Oracle Communications Diameter Intelligence Hub 8.2.0
Oracle Communications Diameter Intelligence Hub 8.1.0
18 Github repositories
1 Article
9.8
CVSSv3
CVE-2020-28991
Gitea 0.9.99 up to and including 1.12.x prior to 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
Gitea Gitea
9.8
CVSSv3
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution.
Git Large File Storage Project Git Large File Storage 2.12.0
21 Github repositories
9.8
CVSSv3
CVE-2020-8239
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.
Pulsesecure Pulse Secure Desktop Client
Pulsesecure Pulse Secure Desktop Client 9.1
2 Github repositories
9.8
CVSSv3
CVE-2020-16147
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an malicious user to get root shell access via Unauthenticated code injection over the network.
Telmat Accesslog Firmware
Telmat Educ\\@box Firmware
Telmat Git\\@box Firmware
9.8
CVSSv3
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Apache Struts
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Mysql Enterprise Monitor
10 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »