Page 10 of 48 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El comando imap-send en GIT antes de v1.8.1.4 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, lo que permite atacantes MITM (Man-In-The-Middle) suplantar servidores SSL de su elección a través de un certificado válido. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586 http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html http://marc.info/?l=git&m=136134619013145&w=2 http://rhn.redhat.com/errata/RHSA-2013-0589.html http://secunia.com/advisories/52361 http://secunia.com/advisories/52443 http://secunia.com/advisories/52467 http://suppo • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 3%CPEs: 170EXPL: 3

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gitweb v1.7.3.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f y (2) fp. • https://www.exploit-db.com/exploits/15744 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052518.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052782.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://secunia.com/advisories/42645 http://secunia.com/advisories/42731 http://secunia.com/advisories/42743 http://secunia.com/advisories/43457 http://www.exploit-db.com/exploits/15744 http://www.mandriva.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. Desbordamiento de búfer basado en pila en la función is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a través de un gitdir grande: campo en un fichero .git en una acción copia. • http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://secunia.com/advisories/43457 http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt http://www.openwall.com/lists/oss-security/2010/07/22/1 http://www.openwall.com/lists/oss-security/2010/07/22/4 http://www.securityfocus.com/bid/41891 http://www.vupen.com/english/advisories/2011/0464 • CWE-787: Out-of-bounds Write •