CVSS: 7.8EPSS: 0%CPEs: 85EXPL: 0CVE-2008-5916 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5916
21 Jan 2009 — gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. gitweb/gitweb.perl en gitweb en Git 1.6.x anteriores a v1.6.0.6, 1.5.6.x anteriores a v1.5.6.6, 1.5.5.x anteriores a v1.5.5.6, 1.5.4.x anteriores a v1.5.4.7, y otras versiones posteriores a v1.4.3 p... • http://marc.info/?l=git&m=122975564100860&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 117EXPL: 1CVE-2008-5516 – Gentoo Linux Security Advisory 200903-15
https://notcve.org/view.php?id=CVE-2008-5516
20 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker co... • https://packetstorm.news/files/id/86450 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 51EXPL: 2CVE-2008-5517 – gitWeb 1.5.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5517
13 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.6, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados a (1) git_snapshot y (2) git_object. It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a sp... • https://packetstorm.news/files/id/86450 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 1CVE-2008-3546 – Debian Linux Security Advisory 1637-1
https://notcve.org/view.php?id=CVE-2008-3546
07 Aug 2008 — Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep. Desbordamiento de búfer basado en pila de las funciones (1) diff_addremove y (2) diff_change en GIT versiones anteriores a la 1.5.6.4, podría permitir a usuarios locales ejecutar código arbitrariamente a través de un PATH de longitud mayo... • http://kerneltrap.org/mailarchive/git/2008/7/16/2529284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 13EXPL: 0CVE-2006-0477
https://notcve.org/view.php?id=CVE-2006-0477
31 Jan 2006 — Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. • http://lwn.net/Articles/169623 •