CVSS: 6.1EPSS: 14%CPEs: 170EXPL: 3CVE-2010-3906 – gitWeb 1.7.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3906
16 Dec 2010 — Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gitweb v1.7.3.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f y (2) fp. A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbit... • https://www.exploit-db.com/exploits/15744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2010-2542 – Gentoo Linux Security Advisory 201401-06
https://notcve.org/view.php?id=CVE-2010-2542
11 Aug 2010 — Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. Desbordamiento de búfer basado en pila en la función is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a través de un gitdir grande: campo en un fichero .git en una acción copia. The Debian stable point release 5.0.6 included updated packages of the Git revision control ... • http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 20%CPEs: 89EXPL: 1CVE-2009-2108 – Git 1.6.3 - Parameter Processing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-2108
18 Jun 2009 — git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. git-daemon en git v1.4.4.5 hasta v1.6.3 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y agotamiento de CPU) a través de una una petición que contenga argumentos no reconocidos extra. It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is ... • https://www.exploit-db.com/exploits/33036 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 85EXPL: 0CVE-2008-5916 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5916
21 Jan 2009 — gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. gitweb/gitweb.perl en gitweb en Git 1.6.x anteriores a v1.6.0.6, 1.5.6.x anteriores a v1.5.6.6, 1.5.5.x anteriores a v1.5.5.6, 1.5.4.x anteriores a v1.5.4.7, y otras versiones posteriores a v1.4.3 p... • http://marc.info/?l=git&m=122975564100860&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 117EXPL: 1CVE-2008-5516 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5516
20 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker co... • https://packetstorm.news/files/id/86450 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 51EXPL: 2CVE-2008-5517 – gitWeb 1.5.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5517
13 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.6, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados a (1) git_snapshot y (2) git_object. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a sp... • https://packetstorm.news/files/id/86450 • CWE-94: Improper Control of Generation of Code ('Code Injection') •