CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 0CVE-2013-0308 – git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command
https://notcve.org/view.php?id=CVE-2013-0308
05 Mar 2013 — The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El comando imap-send en GIT antes de v1.8.1.4 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, lo que permite ataca... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 14%CPEs: 170EXPL: 3CVE-2010-3906 – gitWeb 1.7.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3906
16 Dec 2010 — Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gitweb v1.7.3.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f y (2) fp. A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbit... • https://www.exploit-db.com/exploits/15744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2010-2542 – Gentoo Linux Security Advisory 201401-06
https://notcve.org/view.php?id=CVE-2010-2542
11 Aug 2010 — Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. Desbordamiento de búfer basado en pila en la función is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a través de un gitdir grande: campo en un fichero .git en una acción copia. The Debian stable point release 5.0.6 included updated packages of the Git revision control ... • http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 117EXPL: 1CVE-2008-5516 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5516
20 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker co... • https://packetstorm.news/files/id/86450 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 13EXPL: 0CVE-2006-0477
https://notcve.org/view.php?id=CVE-2006-0477
31 Jan 2006 — Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. • http://lwn.net/Articles/169623 •