CVSS: 9.8EPSS: 53%CPEs: 17EXPL: 1CVE-2014-9390 – Malicious Git and Mercurial HTTP Server For CVE-2014-9390
https://notcve.org/view.php?id=CVE-2014-9390
20 Dec 2014 — Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config ... • https://packetstorm.news/files/id/129784 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 0CVE-2013-0308 – git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command
https://notcve.org/view.php?id=CVE-2013-0308
05 Mar 2013 — The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El comando imap-send en GIT antes de v1.8.1.4 no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, lo que permite ataca... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 14%CPEs: 170EXPL: 3CVE-2010-3906 – gitWeb 1.7.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3906
16 Dec 2010 — Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gitweb v1.7.3.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f y (2) fp. A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbit... • https://www.exploit-db.com/exploits/15744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2010-2542 – Gentoo Linux Security Advisory 201401-06
https://notcve.org/view.php?id=CVE-2010-2542
11 Aug 2010 — Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. Desbordamiento de búfer basado en pila en la función is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a través de un gitdir grande: campo en un fichero .git en una acción copia. The Debian stable point release 5.0.6 included updated packages of the Git revision control ... • http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 20%CPEs: 89EXPL: 1CVE-2009-2108 – Git 1.6.3 - Parameter Processing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-2108
18 Jun 2009 — git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. git-daemon en git v1.4.4.5 hasta v1.6.3 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y agotamiento de CPU) a través de una una petición que contenga argumentos no reconocidos extra. It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is ... • https://www.exploit-db.com/exploits/33036 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 85EXPL: 0CVE-2008-5916 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5916
21 Jan 2009 — gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. gitweb/gitweb.perl en gitweb en Git 1.6.x anteriores a v1.6.0.6, 1.5.6.x anteriores a v1.5.6.6, 1.5.5.x anteriores a v1.5.5.6, 1.5.4.x anteriores a v1.5.4.7, y otras versiones posteriores a v1.4.3 p... • http://marc.info/?l=git&m=122975564100860&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 117EXPL: 1CVE-2008-5516 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5516
20 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker co... • https://packetstorm.news/files/id/86450 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 51EXPL: 2CVE-2008-5517 – gitWeb 1.5.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5517
13 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.6, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados a (1) git_snapshot y (2) git_object. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a sp... • https://packetstorm.news/files/id/86450 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 1CVE-2008-3546 – Debian Linux Security Advisory 1637-1
https://notcve.org/view.php?id=CVE-2008-3546
07 Aug 2008 — Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep. Desbordamiento de búfer basado en pila de las funciones (1) diff_addremove y (2) diff_change en GIT versiones anteriores a la 1.5.6.4, podría permitir a usuarios locales ejecutar código arbitrariamente a través de un PATH de longitud mayo... • http://kerneltrap.org/mailarchive/git/2008/7/16/2529284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 13EXPL: 0CVE-2006-0477
https://notcve.org/view.php?id=CVE-2006-0477
31 Jan 2006 — Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. • http://lwn.net/Articles/169623 •