Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-14867 (GCVE-0-2017-14867)
Vulnerability from cvelistv5 – Published: 2017-09-28 14:00 – Updated: 2024-08-05 19:42
VLAI?
EPSS
Summary
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:21.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/876854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u"
},
{
"name": "1039431",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039431"
},
{
"name": "101060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101060"
},
{
"name": "DSA-3984",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/876854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u"
},
{
"name": "1039431",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039431"
},
{
"name": "101060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101060"
},
{
"name": "DSA-3984",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3984"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2017/09/26/9",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"name": "https://bugs.debian.org/876854",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/876854"
},
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00246.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"name": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u",
"refsource": "CONFIRM",
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u"
},
{
"name": "1039431",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039431"
},
{
"name": "101060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101060"
},
{
"name": "DSA-3984",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3984"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14867",
"datePublished": "2017-09-28T14:00:00",
"dateReserved": "2017-09-28T00:00:00",
"dateUpdated": "2024-08-05T19:42:21.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.10.4\", \"matchCriteriaId\": \"869803A7-F867-498B-AE64-424EE475E890\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B97E04C0-465C-4A2D-8FD5-FC75094E3736\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA24D16-84C8-4DF6-B4E1-288A3C991518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAA9C323-AEAA-4A55-849B-B0E731709AD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"301975E7-A398-49F1-BC07-5D72643C16D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9CAC635-62EE-49EC-A5AA-5B4D8A1C6AC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79BF6D70-E21E-4E47-A41E-C063659A7786\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EDA604D-2901-4AF2-9411-80681B445F19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6EC96D3-BD11-4E2A-9E7B-276F4311EF54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.12.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58C65FA3-5BA4-40E5-A0C3-38E464A60D05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EE0CA61-E0C2-432C-9095-DEDC2DDA32E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CF7CD32-A6BB-474A-A356-C2BFBBE9910A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6945B1B-75CF-42F5-A93E-D077CA1ED9E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D3A3F02-578A-4C96-B0A8-AED9204B8872\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17B08345-AE7F-4130-AD09-A5BA2F2C2F71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.13.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D69295DA-2E14-4FF3-8778-7650B20A75B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75FFDA48-13E9-4918-BA44-EE3BCF670B31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:2.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75FDC16B-61FD-4D08-8EBF-D0DAB07079BC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.\"}, {\"lang\": \"es\", \"value\": \"Git en versiones anteriores a la 2.10.5, las versiones 2.11.x anteriores a 2.11.4, las 2.12.x anteriores a2.12.5, las 2.13.x anteriores a 2.13.6 y las 2.14.x anteriores a 2.14.2 emplean scripts de Perl no seguros para dar soporte a subcomandos como cvsserver. Esto permite que los atacantes ejecuten comandos arbitrarios del sistema operativo mediante metacaracteres shell en un nombre de m\\u00f3dulo. El c\\u00f3digo vulnerable puede alcanzarse mediante git-shell incluso sin soporte para CVS.\"}]",
"id": "CVE-2017-14867",
"lastModified": "2024-11-21T03:13:40.097",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-09-29T01:34:50.047",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2017/09/26/9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101060\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039431\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugs.debian.org/876854\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2017/msg00246.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2017/dsa-3984\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2017/09/26/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039431\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugs.debian.org/876854\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2017/msg00246.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2017/dsa-3984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-14867\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-29T01:34:50.047\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.\"},{\"lang\":\"es\",\"value\":\"Git en versiones anteriores a la 2.10.5, las versiones 2.11.x anteriores a 2.11.4, las 2.12.x anteriores a2.12.5, las 2.13.x anteriores a 2.13.6 y las 2.14.x anteriores a 2.14.2 emplean scripts de Perl no seguros para dar soporte a subcomandos como cvsserver. Esto permite que los atacantes ejecuten comandos arbitrarios del sistema operativo mediante metacaracteres shell en un nombre de m\u00f3dulo. El c\u00f3digo vulnerable puede alcanzarse mediante git-shell incluso sin soporte para CVS.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.10.4\",\"matchCriteriaId\":\"869803A7-F867-498B-AE64-424EE475E890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B97E04C0-465C-4A2D-8FD5-FC75094E3736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA24D16-84C8-4DF6-B4E1-288A3C991518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAA9C323-AEAA-4A55-849B-B0E731709AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"301975E7-A398-49F1-BC07-5D72643C16D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9CAC635-62EE-49EC-A5AA-5B4D8A1C6AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BF6D70-E21E-4E47-A41E-C063659A7786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EDA604D-2901-4AF2-9411-80681B445F19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6EC96D3-BD11-4E2A-9E7B-276F4311EF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58C65FA3-5BA4-40E5-A0C3-38E464A60D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EE0CA61-E0C2-432C-9095-DEDC2DDA32E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CF7CD32-A6BB-474A-A356-C2BFBBE9910A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6945B1B-75CF-42F5-A93E-D077CA1ED9E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3A3F02-578A-4C96-B0A8-AED9204B8872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B08345-AE7F-4130-AD09-A5BA2F2C2F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.13.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D69295DA-2E14-4FF3-8778-7650B20A75B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75FFDA48-13E9-4918-BA44-EE3BCF670B31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75FDC16B-61FD-4D08-8EBF-D0DAB07079BC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2017/09/26/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101060\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039431\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.debian.org/876854\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-security-announce/2017/msg00246.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2017/dsa-3984\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2017/09/26/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039431\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.debian.org/876854\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-security-announce/2017/msg00246.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2017/dsa-3984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CNVD-2017-34695
Vulnerability from cnvd - Published: 2017-11-21
VLAI Severity ?
Title
Git操作系统命令注入漏洞
Description
Git是美国软件开发者林纳斯-托瓦兹(Linus Torvalds)所研发的一套免费、开源的分布式版本控制系统。
Git操作系统存在命令注入漏洞。攻击者可借助模块名中的shell元字符利用该漏洞执行任意的操作系统命令。
Severity
高
Patch Name
Git操作系统命令注入漏洞的补丁
Patch Description
Git是美国软件开发者林纳斯-托瓦兹(Linus Torvalds)所研发的一套免费、开源的分布式版本控制系统。
Git操作系统存在命令注入漏洞。攻击者可借助模块名中的shell元字符利用该漏洞执行任意的操作系统命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://git-scm.com/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-14867
http://www.securityfocus.com/bid/101060
Impacted products
| Name | ['GIT Git <2.10.5', 'GIT Git 2.11.*,<2.11.4', 'GIT Git 2.12.*,<2.12.5', 'GIT Git 2.13.*,<2.13.6', 'GIT Git 2.14.*,<2.14.2'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "101060"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-14867"
}
},
"description": "Git\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005\u6797\u7eb3\u65af-\u6258\u74e6\u5179\uff08Linus Torvalds\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\nGit\u64cd\u4f5c\u7cfb\u7edf\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6a21\u5757\u540d\u4e2d\u7684shell\u5143\u5b57\u7b26\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
"discovererName": "Git",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://git-scm.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-34695",
"openTime": "2017-11-21",
"patchDescription": "Git\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005\u6797\u7eb3\u65af-\u6258\u74e6\u5179\uff08Linus Torvalds\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\nGit\u64cd\u4f5c\u7cfb\u7edf\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6a21\u5757\u540d\u4e2d\u7684shell\u5143\u5b57\u7b26\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Git\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"GIT Git \u003c2.10.5",
"GIT Git 2.11.*\uff0c\u003c2.11.4",
"GIT Git 2.12.*\uff0c\u003c2.12.5",
"GIT Git 2.13.*\uff0c\u003c2.13.6",
"GIT Git 2.14.*\uff0c\u003c2.14.2"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-14867\r\nhttp://www.securityfocus.com/bid/101060",
"serverity": "\u9ad8",
"submitTime": "2017-09-29",
"title": "Git\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
MSRC_CVE-2017-14867
Vulnerability from csaf_microsoft - Published: 2017-09-02 00:00 - Updated: 2025-09-03 19:28Summary
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-14867.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"tracking": {
"current_release_date": "2025-09-03T19:28:37.000Z",
"generator": {
"date": "2025-10-19T17:11:55.815Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2017-14867",
"initial_release_date": "2017-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T19:28:37.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 git 2.45.2-1",
"product": {
"name": "\u003cazl3 git 2.45.2-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 git 2.45.2-1",
"product": {
"name": "azl3 git 2.45.2-1",
"product_id": "16899"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 git 2.45.2-1",
"product": {
"name": "\u003cazl3 git 2.45.2-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 git 2.45.2-1",
"product": {
"name": "azl3 git 2.45.2-1",
"product_id": "16899"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 git 2.42.0-2",
"product": {
"name": "\u003cazl3 git 2.42.0-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 git 2.42.0-2",
"product": {
"name": "azl3 git 2.42.0-2",
"product_id": "19689"
}
}
],
"category": "product_name",
"name": "git"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 git 2.45.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 git 2.45.2-1 as a component of Azure Linux 3.0",
"product_id": "16899-17084"
},
"product_reference": "16899",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 git 2.45.2-1 as a component of Azure Linux 3.0",
"product_id": "16817-3"
},
"product_reference": "3",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 git 2.45.2-1 as a component of Azure Linux 3.0",
"product_id": "16899-16817"
},
"product_reference": "16899",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 git 2.42.0-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 git 2.42.0-2 as a component of Azure Linux 3.0",
"product_id": "19689-17084"
},
"product_reference": "19689",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-14867",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0026#39;OS Command Injection\u0026#39;)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16899-17084",
"16899-16817",
"19689-17084"
],
"known_affected": [
"17084-2",
"16817-3",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-14867.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T19:28:37.000Z",
"details": "2.45.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2",
"16817-3",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-2",
"16817-3",
"17084-1"
]
}
],
"title": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support."
}
]
}
GHSA-H66V-9G4G-85X5
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:46
VLAI?
Details
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2017-14867"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-29T01:34:00Z",
"severity": "HIGH"
},
"details": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"id": "GHSA-h66v-9g4g-85x5",
"modified": "2025-04-20T03:46:02Z",
"published": "2022-05-13T01:11:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14867"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/876854"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"type": "WEB",
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u"
},
{
"type": "WEB",
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3984"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101060"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039431"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2017-14867
Vulnerability from fkie_nvd - Published: 2017-09-29 01:34 - Updated: 2025-04-20 01:37
Severity ?
Summary
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| git-scm | git | * | |
| git-scm | git | 2.11.0 | |
| git-scm | git | 2.11.1 | |
| git-scm | git | 2.11.2 | |
| git-scm | git | 2.11.3 | |
| git-scm | git | 2.12.0 | |
| git-scm | git | 2.12.1 | |
| git-scm | git | 2.12.2 | |
| git-scm | git | 2.12.3 | |
| git-scm | git | 2.12.4 | |
| git-scm | git | 2.13.0 | |
| git-scm | git | 2.13.1 | |
| git-scm | git | 2.13.2 | |
| git-scm | git | 2.13.3 | |
| git-scm | git | 2.13.4 | |
| git-scm | git | 2.13.5 | |
| git-scm | git | 2.14.0 | |
| git-scm | git | 2.14.1 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869803A7-F867-498B-AE64-424EE475E890",
"versionEndIncluding": "2.10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B97E04C0-465C-4A2D-8FD5-FC75094E3736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA24D16-84C8-4DF6-B4E1-288A3C991518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA9C323-AEAA-4A55-849B-B0E731709AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "301975E7-A398-49F1-BC07-5D72643C16D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CAC635-62EE-49EC-A5AA-5B4D8A1C6AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79BF6D70-E21E-4E47-A41E-C063659A7786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDA604D-2901-4AF2-9411-80681B445F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EC96D3-BD11-4E2A-9E7B-276F4311EF54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58C65FA3-5BA4-40E5-A0C3-38E464A60D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE0CA61-E0C2-432C-9095-DEDC2DDA32E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF7CD32-A6BB-474A-A356-C2BFBBE9910A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6945B1B-75CF-42F5-A93E-D077CA1ED9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3A3F02-578A-4C96-B0A8-AED9204B8872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17B08345-AE7F-4130-AD09-A5BA2F2C2F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D69295DA-2E14-4FF3-8778-7650B20A75B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75FFDA48-13E9-4918-BA44-EE3BCF670B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75FDC16B-61FD-4D08-8EBF-D0DAB07079BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support."
},
{
"lang": "es",
"value": "Git en versiones anteriores a la 2.10.5, las versiones 2.11.x anteriores a 2.11.4, las 2.12.x anteriores a2.12.5, las 2.13.x anteriores a 2.13.6 y las 2.14.x anteriores a 2.14.2 emplean scripts de Perl no seguros para dar soporte a subcomandos como cvsserver. Esto permite que los atacantes ejecuten comandos arbitrarios del sistema operativo mediante metacaracteres shell en un nombre de m\u00f3dulo. El c\u00f3digo vulnerable puede alcanzarse mediante git-shell incluso sin soporte para CVS."
}
],
"id": "CVE-2017-14867",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-29T01:34:50.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101060"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039431"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/876854"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"source": "cve@mitre.org",
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/876854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3984"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2017:2747-1
Vulnerability from csaf_suse - Published: 2017-10-17 11:38 - Updated: 2017-10-17 11:38Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
This security issue was fixed:
- CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as
cvsserver, which allowed attackers to execute arbitrary OS commands via shell
metacharacters in a module name (bsc#1061041).
Patchnames
SUSE-CAASP-ALL-2017-1704,SUSE-OpenStack-Cloud-6-2017-1704,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1704,SUSE-SLE-RPI-12-SP2-2017-1704,SUSE-SLE-SAP-12-SP1-2017-1704,SUSE-SLE-SDK-12-SP2-2017-1704,SUSE-SLE-SDK-12-SP3-2017-1704,SUSE-SLE-SERVER-12-SP1-2017-1704,SUSE-SLE-SERVER-12-SP2-2017-1704,SUSE-SLE-SERVER-12-SP3-2017-1704
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for git",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for git fixes the following issues:\n\nThis security issue was fixed:\n\n- CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as\n cvsserver, which allowed attackers to execute arbitrary OS commands via shell\n metacharacters in a module name (bsc#1061041).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-CAASP-ALL-2017-1704,SUSE-OpenStack-Cloud-6-2017-1704,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1704,SUSE-SLE-RPI-12-SP2-2017-1704,SUSE-SLE-SAP-12-SP1-2017-1704,SUSE-SLE-SDK-12-SP2-2017-1704,SUSE-SLE-SDK-12-SP3-2017-1704,SUSE-SLE-SERVER-12-SP1-2017-1704,SUSE-SLE-SERVER-12-SP2-2017-1704,SUSE-SLE-SERVER-12-SP3-2017-1704",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2747-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2747-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172747-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2747-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003301.html"
},
{
"category": "self",
"summary": "SUSE Bug 1061041",
"url": "https://bugzilla.suse.com/1061041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14867 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14867/"
}
],
"title": "Security update for git",
"tracking": {
"current_release_date": "2017-10-17T11:38:17Z",
"generator": {
"date": "2017-10-17T11:38:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2747-1",
"initial_release_date": "2017-10-17T11:38:17Z",
"revision_history": [
{
"date": "2017-10-17T11:38:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-core-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-core-2.12.3-27.9.1.aarch64",
"product_id": "git-core-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-2.12.3-27.9.1.aarch64",
"product_id": "git-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-arch-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-arch-2.12.3-27.9.1.aarch64",
"product_id": "git-arch-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-cvs-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-cvs-2.12.3-27.9.1.aarch64",
"product_id": "git-cvs-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-daemon-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-daemon-2.12.3-27.9.1.aarch64",
"product_id": "git-daemon-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-email-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-email-2.12.3-27.9.1.aarch64",
"product_id": "git-email-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-gui-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-gui-2.12.3-27.9.1.aarch64",
"product_id": "git-gui-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-svn-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-svn-2.12.3-27.9.1.aarch64",
"product_id": "git-svn-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-web-2.12.3-27.9.1.aarch64",
"product": {
"name": "git-web-2.12.3-27.9.1.aarch64",
"product_id": "git-web-2.12.3-27.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "gitk-2.12.3-27.9.1.aarch64",
"product": {
"name": "gitk-2.12.3-27.9.1.aarch64",
"product_id": "gitk-2.12.3-27.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-doc-2.12.3-27.9.1.noarch",
"product": {
"name": "git-doc-2.12.3-27.9.1.noarch",
"product_id": "git-doc-2.12.3-27.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "git-core-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-core-2.12.3-27.9.1.ppc64le",
"product_id": "git-core-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-2.12.3-27.9.1.ppc64le",
"product_id": "git-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-arch-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-arch-2.12.3-27.9.1.ppc64le",
"product_id": "git-arch-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-cvs-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-cvs-2.12.3-27.9.1.ppc64le",
"product_id": "git-cvs-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-daemon-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-daemon-2.12.3-27.9.1.ppc64le",
"product_id": "git-daemon-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-email-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-email-2.12.3-27.9.1.ppc64le",
"product_id": "git-email-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-gui-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-gui-2.12.3-27.9.1.ppc64le",
"product_id": "git-gui-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-svn-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-svn-2.12.3-27.9.1.ppc64le",
"product_id": "git-svn-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-web-2.12.3-27.9.1.ppc64le",
"product": {
"name": "git-web-2.12.3-27.9.1.ppc64le",
"product_id": "git-web-2.12.3-27.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gitk-2.12.3-27.9.1.ppc64le",
"product": {
"name": "gitk-2.12.3-27.9.1.ppc64le",
"product_id": "gitk-2.12.3-27.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.12.3-27.9.1.s390x",
"product": {
"name": "git-2.12.3-27.9.1.s390x",
"product_id": "git-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-arch-2.12.3-27.9.1.s390x",
"product": {
"name": "git-arch-2.12.3-27.9.1.s390x",
"product_id": "git-arch-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-core-2.12.3-27.9.1.s390x",
"product": {
"name": "git-core-2.12.3-27.9.1.s390x",
"product_id": "git-core-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-cvs-2.12.3-27.9.1.s390x",
"product": {
"name": "git-cvs-2.12.3-27.9.1.s390x",
"product_id": "git-cvs-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-daemon-2.12.3-27.9.1.s390x",
"product": {
"name": "git-daemon-2.12.3-27.9.1.s390x",
"product_id": "git-daemon-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-email-2.12.3-27.9.1.s390x",
"product": {
"name": "git-email-2.12.3-27.9.1.s390x",
"product_id": "git-email-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-gui-2.12.3-27.9.1.s390x",
"product": {
"name": "git-gui-2.12.3-27.9.1.s390x",
"product_id": "git-gui-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-svn-2.12.3-27.9.1.s390x",
"product": {
"name": "git-svn-2.12.3-27.9.1.s390x",
"product_id": "git-svn-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "git-web-2.12.3-27.9.1.s390x",
"product": {
"name": "git-web-2.12.3-27.9.1.s390x",
"product_id": "git-web-2.12.3-27.9.1.s390x"
}
},
{
"category": "product_version",
"name": "gitk-2.12.3-27.9.1.s390x",
"product": {
"name": "gitk-2.12.3-27.9.1.s390x",
"product_id": "gitk-2.12.3-27.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-core-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-core-2.12.3-27.9.1.x86_64",
"product_id": "git-core-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-2.12.3-27.9.1.x86_64",
"product_id": "git-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-arch-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-arch-2.12.3-27.9.1.x86_64",
"product_id": "git-arch-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-cvs-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-cvs-2.12.3-27.9.1.x86_64",
"product_id": "git-cvs-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-daemon-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-daemon-2.12.3-27.9.1.x86_64",
"product_id": "git-daemon-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-email-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-email-2.12.3-27.9.1.x86_64",
"product_id": "git-email-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-gui-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-gui-2.12.3-27.9.1.x86_64",
"product_id": "git-gui-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-svn-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-svn-2.12.3-27.9.1.x86_64",
"product_id": "git-svn-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-web-2.12.3-27.9.1.x86_64",
"product": {
"name": "git-web-2.12.3-27.9.1.x86_64",
"product_id": "git-web-2.12.3-27.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "gitk-2.12.3-27.9.1.x86_64",
"product": {
"name": "gitk-2.12.3-27.9.1.x86_64",
"product_id": "gitk-2.12.3-27.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.s390x"
},
"product_reference": "git-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-arch-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-arch-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.s390x"
},
"product_reference": "git-arch-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-arch-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-cvs-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-cvs-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.s390x"
},
"product_reference": "git-cvs-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-cvs-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-daemon-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-daemon-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.s390x"
},
"product_reference": "git-daemon-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-daemon-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-email-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-email-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.s390x"
},
"product_reference": "git-email-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-email-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-gui-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-gui-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.s390x"
},
"product_reference": "git-gui-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-gui-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-svn-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-svn-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.s390x"
},
"product_reference": "git-svn-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-svn-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-web-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-web-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.s390x"
},
"product_reference": "git-web-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-web-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.aarch64"
},
"product_reference": "gitk-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.ppc64le"
},
"product_reference": "gitk-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.s390x"
},
"product_reference": "gitk-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.x86_64"
},
"product_reference": "gitk-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.s390x"
},
"product_reference": "git-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-arch-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-arch-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.s390x"
},
"product_reference": "git-arch-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-arch-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-cvs-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-cvs-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.s390x"
},
"product_reference": "git-cvs-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-cvs-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-daemon-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-daemon-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.s390x"
},
"product_reference": "git-daemon-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-daemon-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-email-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-email-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.s390x"
},
"product_reference": "git-email-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-email-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-gui-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-gui-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.s390x"
},
"product_reference": "git-gui-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-gui-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-svn-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-svn-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.s390x"
},
"product_reference": "git-svn-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-svn-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-web-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-web-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.s390x"
},
"product_reference": "git-web-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-web-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.aarch64"
},
"product_reference": "gitk-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.ppc64le"
},
"product_reference": "gitk-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.s390x"
},
"product_reference": "gitk-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.x86_64"
},
"product_reference": "gitk-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.12.3-27.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.9.1.noarch"
},
"product_reference": "git-doc-2.12.3-27.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.aarch64"
},
"product_reference": "git-core-2.12.3-27.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.ppc64le"
},
"product_reference": "git-core-2.12.3-27.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.s390x"
},
"product_reference": "git-core-2.12.3-27.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.12.3-27.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.x86_64"
},
"product_reference": "git-core-2.12.3-27.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-14867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14867"
}
],
"notes": [
{
"category": "general",
"text": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.x86_64",
"SUSE OpenStack Cloud 6:git-core-2.12.3-27.9.1.x86_64",
"SUSE OpenStack Cloud 6:git-doc-2.12.3-27.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14867",
"url": "https://www.suse.com/security/cve/CVE-2017-14867"
},
{
"category": "external",
"summary": "SUSE Bug 1060377 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060377"
},
{
"category": "external",
"summary": "SUSE Bug 1060378 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060378"
},
{
"category": "external",
"summary": "SUSE Bug 1061041 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1061041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.x86_64",
"SUSE OpenStack Cloud 6:git-core-2.12.3-27.9.1.x86_64",
"SUSE OpenStack Cloud 6:git-doc-2.12.3-27.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-doc-2.12.3-27.9.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.9.1.x86_64",
"SUSE OpenStack Cloud 6:git-core-2.12.3-27.9.1.x86_64",
"SUSE OpenStack Cloud 6:git-doc-2.12.3-27.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-17T11:38:17Z",
"details": "important"
}
],
"title": "CVE-2017-14867"
}
]
}
SUSE-SU-2017:2717-1
Vulnerability from csaf_suse - Published: 2017-10-12 14:32 - Updated: 2017-10-12 14:32Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
- CVE-2017-14867: A cvsserver perl script command injection was fixed (CVE-2017-14867, bsc#1061041):
Patchnames
sdksp4-git-13310,slestso13-git-13310
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for git",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for git fixes the following issues:\n\n- CVE-2017-14867: A cvsserver perl script command injection was fixed (CVE-2017-14867, bsc#1061041):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-git-13310,slestso13-git-13310",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2717-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2717-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172717-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2717-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003294.html"
},
{
"category": "self",
"summary": "SUSE Bug 1061041",
"url": "https://bugzilla.suse.com/1061041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14867 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14867/"
}
],
"title": "Security update for git",
"tracking": {
"current_release_date": "2017-10-12T14:32:28Z",
"generator": {
"date": "2017-10-12T14:32:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2717-1",
"initial_release_date": "2017-10-12T14:32:28Z",
"revision_history": [
{
"date": "2017-10-12T14:32:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-1.7.12.4-0.18.6.1.i586",
"product_id": "git-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-arch-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-arch-1.7.12.4-0.18.6.1.i586",
"product_id": "git-arch-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-core-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-core-1.7.12.4-0.18.6.1.i586",
"product_id": "git-core-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-cvs-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-cvs-1.7.12.4-0.18.6.1.i586",
"product_id": "git-cvs-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-daemon-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-daemon-1.7.12.4-0.18.6.1.i586",
"product_id": "git-daemon-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-email-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-email-1.7.12.4-0.18.6.1.i586",
"product_id": "git-email-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-gui-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-gui-1.7.12.4-0.18.6.1.i586",
"product_id": "git-gui-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-svn-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-svn-1.7.12.4-0.18.6.1.i586",
"product_id": "git-svn-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "git-web-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "git-web-1.7.12.4-0.18.6.1.i586",
"product_id": "git-web-1.7.12.4-0.18.6.1.i586"
}
},
{
"category": "product_version",
"name": "gitk-1.7.12.4-0.18.6.1.i586",
"product": {
"name": "gitk-1.7.12.4-0.18.6.1.i586",
"product_id": "gitk-1.7.12.4-0.18.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "git-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-arch-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-arch-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-arch-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-core-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-core-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-core-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-cvs-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-cvs-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-cvs-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-daemon-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-daemon-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-daemon-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-email-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-email-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-email-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-gui-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-gui-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-gui-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-svn-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-svn-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-svn-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "git-web-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "git-web-1.7.12.4-0.18.6.1.ia64",
"product_id": "git-web-1.7.12.4-0.18.6.1.ia64"
}
},
{
"category": "product_version",
"name": "gitk-1.7.12.4-0.18.6.1.ia64",
"product": {
"name": "gitk-1.7.12.4-0.18.6.1.ia64",
"product_id": "gitk-1.7.12.4-0.18.6.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-arch-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-arch-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-arch-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-core-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-core-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-core-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-cvs-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-cvs-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-cvs-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-daemon-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-daemon-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-daemon-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-email-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-email-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-email-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-gui-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-gui-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-gui-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-svn-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-svn-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-svn-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "git-web-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "git-web-1.7.12.4-0.18.6.1.ppc64",
"product_id": "git-web-1.7.12.4-0.18.6.1.ppc64"
}
},
{
"category": "product_version",
"name": "gitk-1.7.12.4-0.18.6.1.ppc64",
"product": {
"name": "gitk-1.7.12.4-0.18.6.1.ppc64",
"product_id": "gitk-1.7.12.4-0.18.6.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-arch-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-arch-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-arch-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-core-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-core-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-core-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-cvs-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-cvs-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-cvs-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-daemon-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-daemon-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-daemon-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-email-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-email-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-email-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-gui-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-gui-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-gui-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-svn-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-svn-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-svn-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-web-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "git-web-1.7.12.4-0.18.6.1.s390x",
"product_id": "git-web-1.7.12.4-0.18.6.1.s390x"
}
},
{
"category": "product_version",
"name": "gitk-1.7.12.4-0.18.6.1.s390x",
"product": {
"name": "gitk-1.7.12.4-0.18.6.1.s390x",
"product_id": "gitk-1.7.12.4-0.18.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-arch-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-arch-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-arch-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-core-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-core-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-core-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-cvs-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-cvs-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-cvs-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-daemon-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-daemon-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-daemon-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-email-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-email-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-email-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-gui-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-gui-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-gui-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-svn-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-svn-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-svn-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-web-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "git-web-1.7.12.4-0.18.6.1.x86_64",
"product_id": "git-web-1.7.12.4-0.18.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gitk-1.7.12.4-0.18.6.1.x86_64",
"product": {
"name": "gitk-1.7.12.4-0.18.6.1.x86_64",
"product_id": "gitk-1.7.12.4-0.18.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-arch-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-arch-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-arch-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-arch-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-arch-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-core-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-core-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-core-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-core-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-core-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-cvs-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-cvs-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-cvs-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-cvs-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-cvs-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-daemon-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-daemon-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-daemon-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-daemon-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-daemon-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-email-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-email-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-email-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-email-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-email-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-gui-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-gui-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-gui-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-gui-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-gui-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-svn-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-svn-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-svn-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-svn-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-svn-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "git-web-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "git-web-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "git-web-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "git-web-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-web-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-1.7.12.4-0.18.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.i586"
},
"product_reference": "gitk-1.7.12.4-0.18.6.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-1.7.12.4-0.18.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ia64"
},
"product_reference": "gitk-1.7.12.4-0.18.6.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-1.7.12.4-0.18.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ppc64"
},
"product_reference": "gitk-1.7.12.4-0.18.6.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-1.7.12.4-0.18.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.s390x"
},
"product_reference": "gitk-1.7.12.4-0.18.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "gitk-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:git-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-1.7.12.4-0.18.6.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:git-core-1.7.12.4-0.18.6.1.x86_64"
},
"product_reference": "git-core-1.7.12.4-0.18.6.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-14867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14867"
}
],
"notes": [
{
"category": "general",
"text": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.x86_64",
"SUSE Studio Onsite 1.3:git-1.7.12.4-0.18.6.1.x86_64",
"SUSE Studio Onsite 1.3:git-core-1.7.12.4-0.18.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14867",
"url": "https://www.suse.com/security/cve/CVE-2017-14867"
},
{
"category": "external",
"summary": "SUSE Bug 1060377 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060377"
},
{
"category": "external",
"summary": "SUSE Bug 1060378 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060378"
},
{
"category": "external",
"summary": "SUSE Bug 1061041 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1061041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.x86_64",
"SUSE Studio Onsite 1.3:git-1.7.12.4-0.18.6.1.x86_64",
"SUSE Studio Onsite 1.3:git-core-1.7.12.4-0.18.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-daemon-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-email-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-gui-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-svn-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:git-web-1.7.12.4-0.18.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:gitk-1.7.12.4-0.18.6.1.x86_64",
"SUSE Studio Onsite 1.3:git-1.7.12.4-0.18.6.1.x86_64",
"SUSE Studio Onsite 1.3:git-core-1.7.12.4-0.18.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-12T14:32:28Z",
"details": "important"
}
],
"title": "CVE-2017-14867"
}
]
}
SUSE-SU-2025:20049-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:55 - Updated: 2025-02-03 08:55Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
git was updated to 2.45.1:
* CVE-2024-32002: recursive clones on case-insensitive
filesystems that support symbolic links are susceptible to case
confusion (bsc#1224168)
* CVE-2024-32004: arbitrary code execution during local clones
(bsc#1224170)
* CVE-2024-32020: file overwriting vulnerability during local
clones (bsc#1224171)
* CVE-2024-32021: git may create hardlinks to arbitrary user-
readable files (bsc#1224172)
* CVE-2024-32465: arbitrary code execution during clone operations
(bsc#1224173)
Update to 2.45.0:
* Improved efficiency managing repositories with many references
("git init --ref-format=reftable")
* "git checkout -p" and friends learned that that "@" is a
synonym for "HEAD"
* cli improvements handling refs
* Expanded a number of commands and options, UI improvements
* status.showUntrackedFiles now accepts "true"
* git-cherry-pick(1) now automatically drops redundant commits
with new --empty option
* The userdiff patterns for C# has been updated.
Update to 2.44.0:
* "git checkout -B <branch>" now longer allows switching to a
branch that is in use on another worktree. The users need to
use "--ignore-other-worktrees" option.
* Faster server-side rebases with git replay
* Faster pack generation with multi-pack reuse
* rebase auto-squashing now works in non-interactive mode
* pathspec now understands attr, e.g. ':(attr:~binary) for
selecting non-binaries, or builtin_objectmode for selecting
items by file mode or other properties
* Many other cli UI and internal improvements and extensions
- Do not replace apparmor configuration, fixes bsc#1216545
Update to 2.43.2:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.txt
* Update to a new feature recently added, "git show-ref --exists".
* Rename detection logic ignored the final line of a file if it
is an incomplete line.
* "git diff --no-rename A B" did not disable rename detection but
did not trigger an error from the command line parser.
* "git diff --no-index file1 file2" segfaulted while invoking the
external diff driver, which has been corrected.
* A failed "git tag -s" did not necessarily result in an error
depending on the crypto backend, which has been corrected.
* "git stash" sometimes was silent even when it failed due to
unwritable index file, which has been corrected.
* Recent conversion to allow more than 0/1 in GIT_FLUSH broke the
mechanism by flipping what yes/no means by mistake, which has
been corrected.
Update to 2.43.1:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.txt
- gitweb AppArmor profile: allow reading etc/gitweb-common.conf
(bsc#1218664)
- git moved to /usr/libexec/git/git, update AppArmor profile
accordingly (bsc#1218588)
Update to 2.43.0:
* The "--rfc" option of "git format-patch" used to be a valid way to
override an earlier "--subject-prefix=<something>" on the command
line and replace it with "[RFC PATCH]", but from this release, it
merely prefixes the string "RFC " in front of the given subject
prefix. If you are negatively affected by this change, please use
"--subject-prefix=PATCH --rfc" as a replacement.
* In Git 2.42, "git rev-list --stdin" learned to take non-revisions
(like "--not") from the standard input, but the way such a "--not" was
handled was quite confusing, which has been rethought. The updated
rule is that "--not" given from the command line only affects revs
given from the command line that comes but not revs read from the
standard input, and "--not" read from the standard input affects
revs given from the standard input and not revs given from the
command line.
* A message written in olden time prevented a branch from getting
checked out, saying it is already checked out elsewhere. But these
days, we treat a branch that is being bisected or rebased just like
a branch that is checked out and protect it from getting modified
with the same codepath. The message has been rephrased to say that
the branch is "in use" to avoid confusion.
* Hourly and other schedules of "git maintenance" jobs are randomly
distributed now.
* "git cmd -h" learned to signal which options can be negated by
listing such options like "--[no-]opt".
* The way authentication related data other than passwords (e.g.,
oauth token and password expiration data) are stored in libsecret
keyrings has been rethought.
* Update the libsecret and wincred credential helpers to correctly
match which credential to erase; they erased the wrong entry in
some cases.
* Git GUI updates.
* "git format-patch" learned a new "--description-file" option that
lets cover letter description to be fed; this can be used on
detached HEAD where there is no branch description available, and
also can override the branch description if there is one.
* Use of the "--max-pack-size" option to allow multiple packfiles to
be created is now supported even when we are sending unreachable
objects to cruft packs.
* "git format-patch --rfc --subject-prefix=<foo>" used to ignore the
"--subject-prefix" option and used "[RFC PATCH]"; now we will add
"RFC" prefix to whatever subject prefix is specified.
* "git log --format" has been taught the %(decorate) placeholder for
further customization over what the "--decorate" option offers.
* The default log message created by "git revert", when reverting a
commit that records a revert, has been tweaked, to encourage people
to describe complex "revert of revert of revert" situations better in
their own words.
* The command-line completion support (in contrib/) learned to
complete "git commit --trailer=" for possible trailer keys.
* "git update-index" learned the "--show-index-version" option to
inspect the index format version used by the on-disk index file.
* "git diff" learned the "diff.statNameWidth" configuration variable,
to give the default width for the name part in the "--stat" output.
* "git range-diff --notes=foo" compared "log --notes=foo --notes" of
the two ranges, instead of using just the specified notes tree,
which has been corrected to use only the specified notes tree.
* The command line completion script (in contrib/) can be told to
complete aliases by including ": git <cmd> ;" in the alias to tell
it that the alias should be completed in a similar way to how "git
<cmd>" is completed. The parsing code for the alias has been
loosened to allow ';' without an extra space before it.
* "git for-each-ref" and friends learned to apply mailmap to
authorname and other fields in a more flexible way than using
separate placeholder letters like %a[eElL] every time we want to
come up with small variants.
* "git repack" machinery learned to pay attention to the "--filter="
option.
* "git repack" learned the "--max-cruft-size" option to prevent cruft
packs from growing without bounds.
* "git merge-tree" learned to take strategy backend specific options
via the "-X" option, like "git merge" does.
* "git log" and friends learned the "--dd" option that is a
short-hand for "--diff-merges=first-parent -p".
* The attribute subsystem learned to honor the "attr.tree"
configuration variable that specifies which tree to read the
.gitattributes files from.
* "git merge-file" learns a mode to read three variants of the
contents to be merged from blob objects.
* see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt
Update 2.42.1:
* Fix "git diff" exit code handling
Patchnames
SUSE-SLE-Micro-6.0-48
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for git",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for git fixes the following issues:\n\ngit was updated to 2.45.1:\n\n * CVE-2024-32002: recursive clones on case-insensitive\n filesystems that support symbolic links are susceptible to case\n confusion (bsc#1224168)\n * CVE-2024-32004: arbitrary code execution during local clones\n (bsc#1224170)\n * CVE-2024-32020: file overwriting vulnerability during local\n clones (bsc#1224171)\n * CVE-2024-32021: git may create hardlinks to arbitrary user-\n readable files (bsc#1224172)\n * CVE-2024-32465: arbitrary code execution during clone operations\n (bsc#1224173)\n\nUpdate to 2.45.0:\n\n * Improved efficiency managing repositories with many references\n (\"git init --ref-format=reftable\")\n * \"git checkout -p\" and friends learned that that \"@\" is a\n synonym for \"HEAD\"\n * cli improvements handling refs\n * Expanded a number of commands and options, UI improvements\n * status.showUntrackedFiles now accepts \"true\"\n * git-cherry-pick(1) now automatically drops redundant commits\n with new --empty option\n * The userdiff patterns for C# has been updated.\n\nUpdate to 2.44.0:\n\n * \"git checkout -B \u003cbranch\u003e\" now longer allows switching to a\n branch that is in use on another worktree. The users need to\n use \"--ignore-other-worktrees\" option.\n * Faster server-side rebases with git replay\n * Faster pack generation with multi-pack reuse\n * rebase auto-squashing now works in non-interactive mode\n * pathspec now understands attr, e.g. \u0027:(attr:~binary) for\n selecting non-binaries, or builtin_objectmode for selecting\n items by file mode or other properties\n * Many other cli UI and internal improvements and extensions\n\n- Do not replace apparmor configuration, fixes bsc#1216545\n\nUpdate to 2.43.2:\n\n * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.txt\n * Update to a new feature recently added, \"git show-ref --exists\".\n * Rename detection logic ignored the final line of a file if it\n is an incomplete line.\n * \"git diff --no-rename A B\" did not disable rename detection but\n did not trigger an error from the command line parser.\n * \"git diff --no-index file1 file2\" segfaulted while invoking the\n external diff driver, which has been corrected.\n * A failed \"git tag -s\" did not necessarily result in an error\n depending on the crypto backend, which has been corrected.\n * \"git stash\" sometimes was silent even when it failed due to\n unwritable index file, which has been corrected.\n * Recent conversion to allow more than 0/1 in GIT_FLUSH broke the\n mechanism by flipping what yes/no means by mistake, which has\n been corrected.\n\nUpdate to 2.43.1:\n\n * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.txt\n\n- gitweb AppArmor profile: allow reading etc/gitweb-common.conf\n (bsc#1218664)\n\n- git moved to /usr/libexec/git/git, update AppArmor profile\n accordingly (bsc#1218588)\n\nUpdate to 2.43.0:\n\n * The \"--rfc\" option of \"git format-patch\" used to be a valid way to\n override an earlier \"--subject-prefix=\u003csomething\u003e\" on the command\n line and replace it with \"[RFC PATCH]\", but from this release, it\n merely prefixes the string \"RFC \" in front of the given subject\n prefix. If you are negatively affected by this change, please use\n \"--subject-prefix=PATCH --rfc\" as a replacement.\n * In Git 2.42, \"git rev-list --stdin\" learned to take non-revisions\n (like \"--not\") from the standard input, but the way such a \"--not\" was\n handled was quite confusing, which has been rethought. The updated\n rule is that \"--not\" given from the command line only affects revs\n given from the command line that comes but not revs read from the\n standard input, and \"--not\" read from the standard input affects\n revs given from the standard input and not revs given from the\n command line.\n * A message written in olden time prevented a branch from getting\n checked out, saying it is already checked out elsewhere. But these\n days, we treat a branch that is being bisected or rebased just like\n a branch that is checked out and protect it from getting modified\n with the same codepath. The message has been rephrased to say that\n the branch is \"in use\" to avoid confusion.\n * Hourly and other schedules of \"git maintenance\" jobs are randomly\n distributed now.\n * \"git cmd -h\" learned to signal which options can be negated by\n listing such options like \"--[no-]opt\".\n * The way authentication related data other than passwords (e.g.,\n oauth token and password expiration data) are stored in libsecret\n keyrings has been rethought.\n * Update the libsecret and wincred credential helpers to correctly\n match which credential to erase; they erased the wrong entry in\n some cases.\n * Git GUI updates.\n * \"git format-patch\" learned a new \"--description-file\" option that\n lets cover letter description to be fed; this can be used on\n detached HEAD where there is no branch description available, and\n also can override the branch description if there is one.\n * Use of the \"--max-pack-size\" option to allow multiple packfiles to\n be created is now supported even when we are sending unreachable\n objects to cruft packs.\n * \"git format-patch --rfc --subject-prefix=\u003cfoo\u003e\" used to ignore the\n \"--subject-prefix\" option and used \"[RFC PATCH]\"; now we will add\n \"RFC\" prefix to whatever subject prefix is specified.\n * \"git log --format\" has been taught the %(decorate) placeholder for\n further customization over what the \"--decorate\" option offers.\n * The default log message created by \"git revert\", when reverting a\n commit that records a revert, has been tweaked, to encourage people\n to describe complex \"revert of revert of revert\" situations better in\n their own words.\n * The command-line completion support (in contrib/) learned to\n complete \"git commit --trailer=\" for possible trailer keys.\n * \"git update-index\" learned the \"--show-index-version\" option to\n inspect the index format version used by the on-disk index file.\n * \"git diff\" learned the \"diff.statNameWidth\" configuration variable,\n to give the default width for the name part in the \"--stat\" output.\n * \"git range-diff --notes=foo\" compared \"log --notes=foo --notes\" of\n the two ranges, instead of using just the specified notes tree,\n which has been corrected to use only the specified notes tree.\n * The command line completion script (in contrib/) can be told to\n complete aliases by including \": git \u003ccmd\u003e ;\" in the alias to tell\n it that the alias should be completed in a similar way to how \"git\n \u003ccmd\u003e\" is completed. The parsing code for the alias has been\n loosened to allow \u0027;\u0027 without an extra space before it.\n * \"git for-each-ref\" and friends learned to apply mailmap to\n authorname and other fields in a more flexible way than using\n separate placeholder letters like %a[eElL] every time we want to\n come up with small variants.\n * \"git repack\" machinery learned to pay attention to the \"--filter=\"\n option.\n * \"git repack\" learned the \"--max-cruft-size\" option to prevent cruft\n packs from growing without bounds.\n * \"git merge-tree\" learned to take strategy backend specific options\n via the \"-X\" option, like \"git merge\" does.\n * \"git log\" and friends learned the \"--dd\" option that is a\n short-hand for \"--diff-merges=first-parent -p\".\n * The attribute subsystem learned to honor the \"attr.tree\"\n configuration variable that specifies which tree to read the\n .gitattributes files from.\n * \"git merge-file\" learns a mode to read three variants of the\n contents to be merged from blob objects.\n * see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt\n\nUpdate 2.42.1:\n\n * Fix \"git diff\" exit code handling\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-48",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20049-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20049-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520049-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20049-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021288.html"
},
{
"category": "self",
"summary": "SUSE Bug 1042640",
"url": "https://bugzilla.suse.com/1042640"
},
{
"category": "self",
"summary": "SUSE Bug 1061041",
"url": "https://bugzilla.suse.com/1061041"
},
{
"category": "self",
"summary": "SUSE Bug 1069468",
"url": "https://bugzilla.suse.com/1069468"
},
{
"category": "self",
"summary": "SUSE Bug 1082023",
"url": "https://bugzilla.suse.com/1082023"
},
{
"category": "self",
"summary": "SUSE Bug 1216545",
"url": "https://bugzilla.suse.com/1216545"
},
{
"category": "self",
"summary": "SUSE Bug 1218588",
"url": "https://bugzilla.suse.com/1218588"
},
{
"category": "self",
"summary": "SUSE Bug 1218664",
"url": "https://bugzilla.suse.com/1218664"
},
{
"category": "self",
"summary": "SUSE Bug 1224168",
"url": "https://bugzilla.suse.com/1224168"
},
{
"category": "self",
"summary": "SUSE Bug 1224170",
"url": "https://bugzilla.suse.com/1224170"
},
{
"category": "self",
"summary": "SUSE Bug 1224171",
"url": "https://bugzilla.suse.com/1224171"
},
{
"category": "self",
"summary": "SUSE Bug 1224172",
"url": "https://bugzilla.suse.com/1224172"
},
{
"category": "self",
"summary": "SUSE Bug 1224173",
"url": "https://bugzilla.suse.com/1224173"
},
{
"category": "self",
"summary": "SUSE Bug 779536",
"url": "https://bugzilla.suse.com/779536"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-4900 page",
"url": "https://www.suse.com/security/cve/CVE-2005-4900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14867 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32021 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32465 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32465/"
}
],
"title": "Security update for git",
"tracking": {
"current_release_date": "2025-02-03T08:55:36Z",
"generator": {
"date": "2025-02-03T08:55:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20049-1",
"initial_release_date": "2025-02-03T08:55:36Z",
"revision_history": [
{
"date": "2025-02-03T08:55:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-2.45.1-1.1.aarch64",
"product": {
"name": "git-2.45.1-1.1.aarch64",
"product_id": "git-2.45.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-core-2.45.1-1.1.aarch64",
"product": {
"name": "git-core-2.45.1-1.1.aarch64",
"product_id": "git-core-2.45.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-Git-2.45.1-1.1.aarch64",
"product": {
"name": "perl-Git-2.45.1-1.1.aarch64",
"product_id": "perl-Git-2.45.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.45.1-1.1.s390x",
"product": {
"name": "git-2.45.1-1.1.s390x",
"product_id": "git-2.45.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-core-2.45.1-1.1.s390x",
"product": {
"name": "git-core-2.45.1-1.1.s390x",
"product_id": "git-core-2.45.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-Git-2.45.1-1.1.s390x",
"product": {
"name": "perl-Git-2.45.1-1.1.s390x",
"product_id": "perl-Git-2.45.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.45.1-1.1.x86_64",
"product": {
"name": "git-2.45.1-1.1.x86_64",
"product_id": "git-2.45.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-core-2.45.1-1.1.x86_64",
"product": {
"name": "git-core-2.45.1-1.1.x86_64",
"product_id": "git-core-2.45.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-Git-2.45.1-1.1.x86_64",
"product": {
"name": "perl-Git-2.45.1-1.1.x86_64",
"product_id": "perl-Git-2.45.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.45.1-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64"
},
"product_reference": "git-2.45.1-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.45.1-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x"
},
"product_reference": "git-2.45.1-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.45.1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64"
},
"product_reference": "git-2.45.1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.45.1-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64"
},
"product_reference": "git-core-2.45.1-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.45.1-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x"
},
"product_reference": "git-core-2.45.1-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.45.1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64"
},
"product_reference": "git-core-2.45.1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.45.1-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64"
},
"product_reference": "perl-Git-2.45.1-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.45.1-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x"
},
"product_reference": "perl-Git-2.45.1-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.45.1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
},
"product_reference": "perl-Git-2.45.1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-4900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-4900"
}
],
"notes": [
{
"category": "general",
"text": "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-4900",
"url": "https://www.suse.com/security/cve/CVE-2005-4900"
},
{
"category": "external",
"summary": "SUSE Bug 1026646 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1026646"
},
{
"category": "external",
"summary": "SUSE Bug 1026936 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1026936"
},
{
"category": "external",
"summary": "SUSE Bug 1042640 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1042640"
},
{
"category": "external",
"summary": "SUSE Bug 1150998 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1150998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "moderate"
}
],
"title": "CVE-2005-4900"
},
{
"cve": "CVE-2017-14867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14867"
}
],
"notes": [
{
"category": "general",
"text": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14867",
"url": "https://www.suse.com/security/cve/CVE-2017-14867"
},
{
"category": "external",
"summary": "SUSE Bug 1060377 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060377"
},
{
"category": "external",
"summary": "SUSE Bug 1060378 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060378"
},
{
"category": "external",
"summary": "SUSE Bug 1061041 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1061041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "important"
}
],
"title": "CVE-2017-14867"
},
{
"cve": "CVE-2024-32002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32002"
}
],
"notes": [
{
"category": "general",
"text": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule\u0027s worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won\u0027t work. As always, it is best to avoid cloning repositories from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32002",
"url": "https://www.suse.com/security/cve/CVE-2024-32002"
},
{
"category": "external",
"summary": "SUSE Bug 1224168 for CVE-2024-32002",
"url": "https://bugzilla.suse.com/1224168"
},
{
"category": "external",
"summary": "SUSE Bug 1224170 for CVE-2024-32002",
"url": "https://bugzilla.suse.com/1224170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "important"
}
],
"title": "CVE-2024-32002"
},
{
"cve": "CVE-2024-32004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32004"
}
],
"notes": [
{
"category": "general",
"text": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32004",
"url": "https://www.suse.com/security/cve/CVE-2024-32004"
},
{
"category": "external",
"summary": "SUSE Bug 1224170 for CVE-2024-32004",
"url": "https://bugzilla.suse.com/1224170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "important"
}
],
"title": "CVE-2024-32004"
},
{
"cve": "CVE-2024-32020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32020"
}
],
"notes": [
{
"category": "general",
"text": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository\u0027s object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a \"proper\" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32020",
"url": "https://www.suse.com/security/cve/CVE-2024-32020"
},
{
"category": "external",
"summary": "SUSE Bug 1224171 for CVE-2024-32020",
"url": "https://bugzilla.suse.com/1224171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "moderate"
}
],
"title": "CVE-2024-32020"
},
{
"cve": "CVE-2024-32021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32021"
}
],
"notes": [
{
"category": "general",
"text": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository\u0027s `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning\nwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32021",
"url": "https://www.suse.com/security/cve/CVE-2024-32021"
},
{
"category": "external",
"summary": "SUSE Bug 1224172 for CVE-2024-32021",
"url": "https://bugzilla.suse.com/1224172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "moderate"
}
],
"title": "CVE-2024-32021"
},
{
"cve": "CVE-2024-32465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32465"
}
],
"notes": [
{
"category": "general",
"text": "Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32465",
"url": "https://www.suse.com/security/cve/CVE-2024-32465"
},
{
"category": "external",
"summary": "SUSE Bug 1224170 for CVE-2024-32465",
"url": "https://bugzilla.suse.com/1224170"
},
{
"category": "external",
"summary": "SUSE Bug 1224173 for CVE-2024-32465",
"url": "https://bugzilla.suse.com/1224173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:git-core-2.45.1-1.1.x86_64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.aarch64",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.s390x",
"SUSE Linux Micro 6.0:perl-Git-2.45.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:36Z",
"details": "important"
}
],
"title": "CVE-2024-32465"
}
]
}
OPENSUSE-SU-2024:10786-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
git-2.33.0-1.3 on GA media
Notes
Title of the patch
git-2.33.0-1.3 on GA media
Description of the patch
These are all security issues fixed in the git-2.33.0-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10786
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "git-2.33.0-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the git-2.33.0-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10786",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10786-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-4900 page",
"url": "https://www.suse.com/security/cve/CVE-2005-4900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000117 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14867 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15298 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8386 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11233 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11235 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17456 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17456/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19486 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1349 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1350 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1351 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1352 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1353 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1354 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1387 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19604 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11008 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-5260 page",
"url": "https://www.suse.com/security/cve/CVE-2020-5260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21300 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21300/"
}
],
"title": "git-2.33.0-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10786-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-2.33.0-1.3.aarch64",
"product": {
"name": "git-2.33.0-1.3.aarch64",
"product_id": "git-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-arch-2.33.0-1.3.aarch64",
"product": {
"name": "git-arch-2.33.0-1.3.aarch64",
"product_id": "git-arch-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-core-2.33.0-1.3.aarch64",
"product": {
"name": "git-core-2.33.0-1.3.aarch64",
"product_id": "git-core-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"product": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"product_id": "git-credential-gnome-keyring-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.33.0-1.3.aarch64",
"product": {
"name": "git-credential-libsecret-2.33.0-1.3.aarch64",
"product_id": "git-credential-libsecret-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-cvs-2.33.0-1.3.aarch64",
"product": {
"name": "git-cvs-2.33.0-1.3.aarch64",
"product_id": "git-cvs-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-daemon-2.33.0-1.3.aarch64",
"product": {
"name": "git-daemon-2.33.0-1.3.aarch64",
"product_id": "git-daemon-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-doc-2.33.0-1.3.aarch64",
"product": {
"name": "git-doc-2.33.0-1.3.aarch64",
"product_id": "git-doc-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-email-2.33.0-1.3.aarch64",
"product": {
"name": "git-email-2.33.0-1.3.aarch64",
"product_id": "git-email-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-gui-2.33.0-1.3.aarch64",
"product": {
"name": "git-gui-2.33.0-1.3.aarch64",
"product_id": "git-gui-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-p4-2.33.0-1.3.aarch64",
"product": {
"name": "git-p4-2.33.0-1.3.aarch64",
"product_id": "git-p4-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-svn-2.33.0-1.3.aarch64",
"product": {
"name": "git-svn-2.33.0-1.3.aarch64",
"product_id": "git-svn-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "git-web-2.33.0-1.3.aarch64",
"product": {
"name": "git-web-2.33.0-1.3.aarch64",
"product_id": "git-web-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "gitk-2.33.0-1.3.aarch64",
"product": {
"name": "gitk-2.33.0-1.3.aarch64",
"product_id": "gitk-2.33.0-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "perl-Git-2.33.0-1.3.aarch64",
"product": {
"name": "perl-Git-2.33.0-1.3.aarch64",
"product_id": "perl-Git-2.33.0-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.33.0-1.3.ppc64le",
"product": {
"name": "git-2.33.0-1.3.ppc64le",
"product_id": "git-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-arch-2.33.0-1.3.ppc64le",
"product": {
"name": "git-arch-2.33.0-1.3.ppc64le",
"product_id": "git-arch-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-core-2.33.0-1.3.ppc64le",
"product": {
"name": "git-core-2.33.0-1.3.ppc64le",
"product_id": "git-core-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"product": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"product_id": "git-credential-gnome-keyring-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.33.0-1.3.ppc64le",
"product": {
"name": "git-credential-libsecret-2.33.0-1.3.ppc64le",
"product_id": "git-credential-libsecret-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-cvs-2.33.0-1.3.ppc64le",
"product": {
"name": "git-cvs-2.33.0-1.3.ppc64le",
"product_id": "git-cvs-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-daemon-2.33.0-1.3.ppc64le",
"product": {
"name": "git-daemon-2.33.0-1.3.ppc64le",
"product_id": "git-daemon-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-doc-2.33.0-1.3.ppc64le",
"product": {
"name": "git-doc-2.33.0-1.3.ppc64le",
"product_id": "git-doc-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-email-2.33.0-1.3.ppc64le",
"product": {
"name": "git-email-2.33.0-1.3.ppc64le",
"product_id": "git-email-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-gui-2.33.0-1.3.ppc64le",
"product": {
"name": "git-gui-2.33.0-1.3.ppc64le",
"product_id": "git-gui-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-p4-2.33.0-1.3.ppc64le",
"product": {
"name": "git-p4-2.33.0-1.3.ppc64le",
"product_id": "git-p4-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-svn-2.33.0-1.3.ppc64le",
"product": {
"name": "git-svn-2.33.0-1.3.ppc64le",
"product_id": "git-svn-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "git-web-2.33.0-1.3.ppc64le",
"product": {
"name": "git-web-2.33.0-1.3.ppc64le",
"product_id": "git-web-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "gitk-2.33.0-1.3.ppc64le",
"product": {
"name": "gitk-2.33.0-1.3.ppc64le",
"product_id": "gitk-2.33.0-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-Git-2.33.0-1.3.ppc64le",
"product": {
"name": "perl-Git-2.33.0-1.3.ppc64le",
"product_id": "perl-Git-2.33.0-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.33.0-1.3.s390x",
"product": {
"name": "git-2.33.0-1.3.s390x",
"product_id": "git-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-arch-2.33.0-1.3.s390x",
"product": {
"name": "git-arch-2.33.0-1.3.s390x",
"product_id": "git-arch-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-core-2.33.0-1.3.s390x",
"product": {
"name": "git-core-2.33.0-1.3.s390x",
"product_id": "git-core-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.33.0-1.3.s390x",
"product": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.s390x",
"product_id": "git-credential-gnome-keyring-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.33.0-1.3.s390x",
"product": {
"name": "git-credential-libsecret-2.33.0-1.3.s390x",
"product_id": "git-credential-libsecret-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-cvs-2.33.0-1.3.s390x",
"product": {
"name": "git-cvs-2.33.0-1.3.s390x",
"product_id": "git-cvs-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-daemon-2.33.0-1.3.s390x",
"product": {
"name": "git-daemon-2.33.0-1.3.s390x",
"product_id": "git-daemon-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-doc-2.33.0-1.3.s390x",
"product": {
"name": "git-doc-2.33.0-1.3.s390x",
"product_id": "git-doc-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-email-2.33.0-1.3.s390x",
"product": {
"name": "git-email-2.33.0-1.3.s390x",
"product_id": "git-email-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-gui-2.33.0-1.3.s390x",
"product": {
"name": "git-gui-2.33.0-1.3.s390x",
"product_id": "git-gui-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-p4-2.33.0-1.3.s390x",
"product": {
"name": "git-p4-2.33.0-1.3.s390x",
"product_id": "git-p4-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-svn-2.33.0-1.3.s390x",
"product": {
"name": "git-svn-2.33.0-1.3.s390x",
"product_id": "git-svn-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "git-web-2.33.0-1.3.s390x",
"product": {
"name": "git-web-2.33.0-1.3.s390x",
"product_id": "git-web-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "gitk-2.33.0-1.3.s390x",
"product": {
"name": "gitk-2.33.0-1.3.s390x",
"product_id": "gitk-2.33.0-1.3.s390x"
}
},
{
"category": "product_version",
"name": "perl-Git-2.33.0-1.3.s390x",
"product": {
"name": "perl-Git-2.33.0-1.3.s390x",
"product_id": "perl-Git-2.33.0-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.33.0-1.3.x86_64",
"product": {
"name": "git-2.33.0-1.3.x86_64",
"product_id": "git-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-arch-2.33.0-1.3.x86_64",
"product": {
"name": "git-arch-2.33.0-1.3.x86_64",
"product_id": "git-arch-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-core-2.33.0-1.3.x86_64",
"product": {
"name": "git-core-2.33.0-1.3.x86_64",
"product_id": "git-core-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"product": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"product_id": "git-credential-gnome-keyring-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.33.0-1.3.x86_64",
"product": {
"name": "git-credential-libsecret-2.33.0-1.3.x86_64",
"product_id": "git-credential-libsecret-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-cvs-2.33.0-1.3.x86_64",
"product": {
"name": "git-cvs-2.33.0-1.3.x86_64",
"product_id": "git-cvs-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-daemon-2.33.0-1.3.x86_64",
"product": {
"name": "git-daemon-2.33.0-1.3.x86_64",
"product_id": "git-daemon-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-doc-2.33.0-1.3.x86_64",
"product": {
"name": "git-doc-2.33.0-1.3.x86_64",
"product_id": "git-doc-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-email-2.33.0-1.3.x86_64",
"product": {
"name": "git-email-2.33.0-1.3.x86_64",
"product_id": "git-email-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-gui-2.33.0-1.3.x86_64",
"product": {
"name": "git-gui-2.33.0-1.3.x86_64",
"product_id": "git-gui-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-p4-2.33.0-1.3.x86_64",
"product": {
"name": "git-p4-2.33.0-1.3.x86_64",
"product_id": "git-p4-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-svn-2.33.0-1.3.x86_64",
"product": {
"name": "git-svn-2.33.0-1.3.x86_64",
"product_id": "git-svn-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "git-web-2.33.0-1.3.x86_64",
"product": {
"name": "git-web-2.33.0-1.3.x86_64",
"product_id": "git-web-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "gitk-2.33.0-1.3.x86_64",
"product": {
"name": "gitk-2.33.0-1.3.x86_64",
"product_id": "gitk-2.33.0-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "perl-Git-2.33.0-1.3.x86_64",
"product": {
"name": "perl-Git-2.33.0-1.3.x86_64",
"product_id": "perl-Git-2.33.0-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64"
},
"product_reference": "git-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le"
},
"product_reference": "git-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.33.0-1.3.s390x"
},
"product_reference": "git-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64"
},
"product_reference": "git-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64"
},
"product_reference": "git-arch-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le"
},
"product_reference": "git-arch-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x"
},
"product_reference": "git-arch-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64"
},
"product_reference": "git-arch-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64"
},
"product_reference": "git-core-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le"
},
"product_reference": "git-core-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x"
},
"product_reference": "git-core-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64"
},
"product_reference": "git-core-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64"
},
"product_reference": "git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le"
},
"product_reference": "git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x"
},
"product_reference": "git-credential-gnome-keyring-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64"
},
"product_reference": "git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64"
},
"product_reference": "git-credential-libsecret-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le"
},
"product_reference": "git-credential-libsecret-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x"
},
"product_reference": "git-credential-libsecret-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64"
},
"product_reference": "git-credential-libsecret-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64"
},
"product_reference": "git-cvs-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le"
},
"product_reference": "git-cvs-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x"
},
"product_reference": "git-cvs-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64"
},
"product_reference": "git-cvs-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64"
},
"product_reference": "git-daemon-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le"
},
"product_reference": "git-daemon-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x"
},
"product_reference": "git-daemon-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64"
},
"product_reference": "git-daemon-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64"
},
"product_reference": "git-doc-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le"
},
"product_reference": "git-doc-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x"
},
"product_reference": "git-doc-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64"
},
"product_reference": "git-doc-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64"
},
"product_reference": "git-email-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le"
},
"product_reference": "git-email-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x"
},
"product_reference": "git-email-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64"
},
"product_reference": "git-email-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64"
},
"product_reference": "git-gui-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le"
},
"product_reference": "git-gui-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x"
},
"product_reference": "git-gui-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64"
},
"product_reference": "git-gui-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64"
},
"product_reference": "git-p4-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le"
},
"product_reference": "git-p4-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x"
},
"product_reference": "git-p4-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64"
},
"product_reference": "git-p4-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64"
},
"product_reference": "git-svn-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le"
},
"product_reference": "git-svn-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x"
},
"product_reference": "git-svn-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64"
},
"product_reference": "git-svn-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64"
},
"product_reference": "git-web-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le"
},
"product_reference": "git-web-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x"
},
"product_reference": "git-web-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64"
},
"product_reference": "git-web-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64"
},
"product_reference": "gitk-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le"
},
"product_reference": "gitk-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x"
},
"product_reference": "gitk-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64"
},
"product_reference": "gitk-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64"
},
"product_reference": "perl-Git-2.33.0-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le"
},
"product_reference": "perl-Git-2.33.0-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.33.0-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x"
},
"product_reference": "perl-Git-2.33.0-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
},
"product_reference": "perl-Git-2.33.0-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-4900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-4900"
}
],
"notes": [
{
"category": "general",
"text": "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-4900",
"url": "https://www.suse.com/security/cve/CVE-2005-4900"
},
{
"category": "external",
"summary": "SUSE Bug 1026646 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1026646"
},
{
"category": "external",
"summary": "SUSE Bug 1026936 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1026936"
},
{
"category": "external",
"summary": "SUSE Bug 1042640 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1042640"
},
{
"category": "external",
"summary": "SUSE Bug 1150998 for CVE-2005-4900",
"url": "https://bugzilla.suse.com/1150998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-4900"
},
{
"cve": "CVE-2017-1000117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000117"
}
],
"notes": [
{
"category": "general",
"text": "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim\u0027s machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000117",
"url": "https://www.suse.com/security/cve/CVE-2017-1000117"
},
{
"category": "external",
"summary": "SUSE Bug 1052481 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1052481"
},
{
"category": "external",
"summary": "SUSE Bug 1052696 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1052696"
},
{
"category": "external",
"summary": "SUSE Bug 1052932 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1052932"
},
{
"category": "external",
"summary": "SUSE Bug 1053364 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1053364"
},
{
"category": "external",
"summary": "SUSE Bug 1053600 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1053600"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1053919"
},
{
"category": "external",
"summary": "SUSE Bug 1054653 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1054653"
},
{
"category": "external",
"summary": "SUSE Bug 1058214 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1058214"
},
{
"category": "external",
"summary": "SUSE Bug 1066430 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1066430"
},
{
"category": "external",
"summary": "SUSE Bug 1071709 for CVE-2017-1000117",
"url": "https://bugzilla.suse.com/1071709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-1000117"
},
{
"cve": "CVE-2017-14867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14867"
}
],
"notes": [
{
"category": "general",
"text": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14867",
"url": "https://www.suse.com/security/cve/CVE-2017-14867"
},
{
"category": "external",
"summary": "SUSE Bug 1060377 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060377"
},
{
"category": "external",
"summary": "SUSE Bug 1060378 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1060378"
},
{
"category": "external",
"summary": "SUSE Bug 1061041 for CVE-2017-14867",
"url": "https://bugzilla.suse.com/1061041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14867"
},
{
"cve": "CVE-2017-15298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15298"
}
],
"notes": [
{
"category": "general",
"text": "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15298",
"url": "https://www.suse.com/security/cve/CVE-2017-15298"
},
{
"category": "external",
"summary": "SUSE Bug 1063412 for CVE-2017-15298",
"url": "https://bugzilla.suse.com/1063412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-15298"
},
{
"cve": "CVE-2017-8386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8386"
}
],
"notes": [
{
"category": "general",
"text": "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8386",
"url": "https://www.suse.com/security/cve/CVE-2017-8386"
},
{
"category": "external",
"summary": "SUSE Bug 1038395 for CVE-2017-8386",
"url": "https://bugzilla.suse.com/1038395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8386"
},
{
"cve": "CVE-2018-11233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11233"
}
],
"notes": [
{
"category": "general",
"text": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11233",
"url": "https://www.suse.com/security/cve/CVE-2018-11233"
},
{
"category": "external",
"summary": "SUSE Bug 1095218 for CVE-2018-11233",
"url": "https://bugzilla.suse.com/1095218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-11233"
},
{
"cve": "CVE-2018-11235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11235"
}
],
"notes": [
{
"category": "general",
"text": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11235",
"url": "https://www.suse.com/security/cve/CVE-2018-11235"
},
{
"category": "external",
"summary": "SUSE Bug 1095219 for CVE-2018-11235",
"url": "https://bugzilla.suse.com/1095219"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-11235"
},
{
"cve": "CVE-2018-17456",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17456"
}
],
"notes": [
{
"category": "general",
"text": "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a \u0027-\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17456",
"url": "https://www.suse.com/security/cve/CVE-2018-17456"
},
{
"category": "external",
"summary": "SUSE Bug 1110949 for CVE-2018-17456",
"url": "https://bugzilla.suse.com/1110949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-17456"
},
{
"cve": "CVE-2018-19486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19486"
}
],
"notes": [
{
"category": "general",
"text": "Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if \u0027.\u0027 were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19486",
"url": "https://www.suse.com/security/cve/CVE-2018-19486"
},
{
"category": "external",
"summary": "SUSE Bug 1117257 for CVE-2018-19486",
"url": "https://bugzilla.suse.com/1117257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-19486"
},
{
"cve": "CVE-2019-1348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1348",
"url": "https://www.suse.com/security/cve/CVE-2019-1348"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1348",
"url": "https://bugzilla.suse.com/1158785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1348"
},
{
"cve": "CVE-2019-1349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1349"
}
],
"notes": [
{
"category": "general",
"text": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1349",
"url": "https://www.suse.com/security/cve/CVE-2019-1349"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1349",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158787 for CVE-2019-1349",
"url": "https://bugzilla.suse.com/1158787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-1349"
},
{
"cve": "CVE-2019-1350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1350"
}
],
"notes": [
{
"category": "general",
"text": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1350",
"url": "https://www.suse.com/security/cve/CVE-2019-1350"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1350",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158788 for CVE-2019-1350",
"url": "https://bugzilla.suse.com/1158788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-1350"
},
{
"cve": "CVE-2019-1351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1351"
}
],
"notes": [
{
"category": "general",
"text": "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka \u0027Git for Visual Studio Tampering Vulnerability\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1351",
"url": "https://www.suse.com/security/cve/CVE-2019-1351"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1351",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158789 for CVE-2019-1351",
"url": "https://bugzilla.suse.com/1158789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-1351"
},
{
"cve": "CVE-2019-1352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1352"
}
],
"notes": [
{
"category": "general",
"text": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1352",
"url": "https://www.suse.com/security/cve/CVE-2019-1352"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1352",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158787 for CVE-2019-1352",
"url": "https://bugzilla.suse.com/1158787"
},
{
"category": "external",
"summary": "SUSE Bug 1158790 for CVE-2019-1352",
"url": "https://bugzilla.suse.com/1158790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-1352"
},
{
"cve": "CVE-2019-1353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1353"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1353",
"url": "https://www.suse.com/security/cve/CVE-2019-1353"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1353",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158791 for CVE-2019-1353",
"url": "https://bugzilla.suse.com/1158791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-1353"
},
{
"cve": "CVE-2019-1354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1354"
}
],
"notes": [
{
"category": "general",
"text": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \u0027Git for Visual Studio Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1354",
"url": "https://www.suse.com/security/cve/CVE-2019-1354"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1354",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158792 for CVE-2019-1354",
"url": "https://bugzilla.suse.com/1158792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1354"
},
{
"cve": "CVE-2019-1387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1387"
}
],
"notes": [
{
"category": "general",
"text": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1387",
"url": "https://www.suse.com/security/cve/CVE-2019-1387"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-1387",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158793 for CVE-2019-1387",
"url": "https://bugzilla.suse.com/1158793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-1387"
},
{
"cve": "CVE-2019-19604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19604"
}
],
"notes": [
{
"category": "general",
"text": "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19604",
"url": "https://www.suse.com/security/cve/CVE-2019-19604"
},
{
"category": "external",
"summary": "SUSE Bug 1158785 for CVE-2019-19604",
"url": "https://bugzilla.suse.com/1158785"
},
{
"category": "external",
"summary": "SUSE Bug 1158795 for CVE-2019-19604",
"url": "https://bugzilla.suse.com/1158795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-19604"
},
{
"cve": "CVE-2020-11008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11008"
}
],
"notes": [
{
"category": "general",
"text": "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker\u0027s server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git\u0027s \"store\" helper - Git\u0027s \"cache\" helper - the \"osxkeychain\" helper that ships in Git\u0027s \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11008",
"url": "https://www.suse.com/security/cve/CVE-2020-11008"
},
{
"category": "external",
"summary": "SUSE Bug 1169936 for CVE-2020-11008",
"url": "https://bugzilla.suse.com/1169936"
},
{
"category": "external",
"summary": "SUSE Bug 1170741 for CVE-2020-11008",
"url": "https://bugzilla.suse.com/1170741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-11008"
},
{
"cve": "CVE-2020-5260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-5260"
}
],
"notes": [
{
"category": "general",
"text": "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-5260",
"url": "https://www.suse.com/security/cve/CVE-2020-5260"
},
{
"category": "external",
"summary": "SUSE Bug 1168930 for CVE-2020-5260",
"url": "https://bugzilla.suse.com/1168930"
},
{
"category": "external",
"summary": "SUSE Bug 1169936 for CVE-2020-5260",
"url": "https://bugzilla.suse.com/1169936"
},
{
"category": "external",
"summary": "SUSE Bug 1170741 for CVE-2020-5260",
"url": "https://bugzilla.suse.com/1170741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-5260"
},
{
"cve": "CVE-2021-21300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21300"
}
],
"notes": [
{
"category": "general",
"text": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won\u0027t work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21300",
"url": "https://www.suse.com/security/cve/CVE-2021-21300"
},
{
"category": "external",
"summary": "SUSE Bug 1183026 for CVE-2021-21300",
"url": "https://bugzilla.suse.com/1183026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x",
"openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-21300"
}
]
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GSD-2017-14867
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-14867",
"description": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"id": "GSD-2017-14867",
"references": [
"https://www.suse.com/security/cve/CVE-2017-14867.html",
"https://www.debian.org/security/2017/dsa-3984",
"https://ubuntu.com/security/CVE-2017-14867",
"https://advisories.mageia.org/CVE-2017-14867.html",
"https://alas.aws.amazon.com/cve/html/CVE-2017-14867.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-14867"
],
"details": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.",
"id": "GSD-2017-14867",
"modified": "2023-12-13T01:21:12.425438Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2017/09/26/9",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"name": "https://bugs.debian.org/876854",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/876854"
},
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00246.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"name": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u",
"refsource": "CONFIRM",
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u"
},
{
"name": "1039431",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039431"
},
{
"name": "101060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101060"
},
{
"name": "DSA-3984",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3984"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.13.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14867"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3984",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3984"
},
{
"name": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u"
},
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00246.html",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00246.html"
},
{
"name": "https://bugs.debian.org/876854",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/876854"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/09/26/9",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/26/9"
},
{
"name": "1039431",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039431"
},
{
"name": "101060",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101060"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-01-26T14:55Z",
"publishedDate": "2017-09-29T01:34Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…