Page 10 of 55 results (0.011 seconds)

CVSS: 9.8EPSS: 94%CPEs: 17EXPL: 0

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. Git versiones anteriores a 1.8.5.6, versiones 1.9.x anteriores a 1.9.5, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.4 y versiones 2.2.x anteriores a 2.2.1 en Windows y OS X; Mercurial versiones anteriores a 3.2.3 en Windows y OS X; Apple Xcode versiones anteriores a 6.2 beta 3; mine todas las versiones antes del 08-12-2014; libgit2 todas las versiones hasta 0.21. 2; Egit todas las versiones anteriores al 08-12-2014; y JGit todas las versiones anteriores al 08-12-2014 permiten a los servidores Git remotos ejecutar comandos arbitrarios por medio de un árbol que contiene un archivo .git/config diseñado con (1) un punto de código Unicode ignorable, (2) una representación git~1/config, o (3) mayúsculas y minúsculas que no son manejadas apropiadamente en un sistema de archivos insensible a mayúsculas y minúsculas • http://article.gmane.org/gmane.linux.kernel/1853266 http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html http://mercurial.selenic.com/wiki/WhatsNew http://securitytracker.com/id?1031404 http://support.apple.com/kb/HT204147 https://github.com/blog/1938-git-client-vulnerability-announced https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915 https://libgit2.org/security https://news.ycombinator.com/item?id=8769667 https://www.rapid7.com/blo • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El comando imap-send en GIT antes de v1.8.1.4 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, lo que permite atacantes MITM (Man-In-The-Middle) suplantar servidores SSL de su elección a través de un certificado válido. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586 http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html http://marc.info/?l=git&m=136134619013145&w=2 http://rhn.redhat.com/errata/RHSA-2013-0589.html http://secunia.com/advisories/52361 http://secunia.com/advisories/52443 http://secunia.com/advisories/52467 http://suppo • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 3%CPEs: 170EXPL: 3

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gitweb v1.7.3.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f y (2) fp. • https://www.exploit-db.com/exploits/15744 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052518.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052782.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://secunia.com/advisories/42645 http://secunia.com/advisories/42731 http://secunia.com/advisories/42743 http://secunia.com/advisories/43457 http://www.exploit-db.com/exploits/15744 http://www.mandriva.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. Desbordamiento de búfer basado en pila en la función is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a través de un gitdir grande: campo en un fichero .git en una acción copia. • http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://secunia.com/advisories/43457 http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt http://www.openwall.com/lists/oss-security/2010/07/22/1 http://www.openwall.com/lists/oss-security/2010/07/22/4 http://www.securityfocus.com/bid/41891 http://www.vupen.com/english/advisories/2011/0464 • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 7%CPEs: 89EXPL: 1

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. git-daemon en git v1.4.4.5 hasta v1.6.3 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y agotamiento de CPU) a través de una una petición que contenga argumentos no reconocidos extra. • https://www.exploit-db.com/exploits/33036 http://article.gmane.org/gmane.comp.version-control.git/120733 http://osvdb.org/55034 http://secunia.com/advisories/35437 http://secunia.com/advisories/35730 http://security.gentoo.org/glsa/glsa-200907-05.xml http://thread.gmane.org/gmane.comp.version-control.git/120724 http://www.mandriva.com/security/advisories?name=MDVSA-2009:155 http://www.openwall.com/lists/oss-security/2009/06/12/1 http://www.securityfocus.com/bid/35338&# • CWE-399: Resource Management Errors •