5 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. Vulnerabilidad de salto de directorio en la función cgit_parse_readme en ui-summary.c en cgit anterior a v0.9.2, cuando un archivo readme se establece en una ruta del sistema de archivos, permite a atacantes remotos leer ficheros a través de .. (punto punto) en el parámetro URL. • http://git.zx2c4.com/cgit/commit/?h=wip&id=babf94e04e74123eb658a823213c062663cdadd6 http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html http://secunia.com/advisories/54186 http://www.openwall.com/lists/oss-security/2013/05/27/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.0EPSS: 0%CPEs: 28EXPL: 0

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. Vulnerabilidad de inyección de argumentos en sintax-highlighting.sh en cgit v9.0.3 y anteriores permite a usuarios remotos autenticados con los permisos para añadir ficheros ejecutar código arbitrario a través del argumento --plug-in del comando resaltado. • http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html http://secunia.com/advisories/50734 http://secunia.com/advisories/51167 http://secunia.com/advisories/51222 http://www.openwall. •

CVSS: 6.5EPSS: 4%CPEs: 28EXPL: 0

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit. Desbordamiento de búfer basado en memoria dinámica en la función substr en parsing.c en cgit v0.9.0.3, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código a través de un nombre vacío en el campo "Author" en una solicitud. • http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec http://hjemli.net/pipermail/cgit/2012-July/000652.html http://secunia.com/advisories/50734 http://www.openwall.com/lists/oss-security/2012/09/30/1 http://www.openwall.com/lists/oss-security/2012/10/03/7 http://www.securityfocus.com/bid/55724 https://bugzilla.redhat.com/show_bug.cgi?id=820733 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.5EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función print_fileinfo de ui-diff.c de cgit v0.9.0.2 y anteriores, permite a usuarios autenticados en remoto inyectar secuencias de comandos web o HTML de su elección a través del nombre de fichero asociado con el campo de renombrar. • http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 http://hjemli.net/pipermail/cgit/2011-July/000276.html http://secunia.com/advisories/45358 http://secunia.com/advisories/45541 http://www.openwall.com/lists/oss-security/2011/07/22/2 http://www.openwall.com/lists/oss-security/2011/07/22/6 http://www.openwall.com/lists/oss-security/2011/07/22/7 http://www.openwall.com/lists/oss-security/2011/07/24/3 http://www.openwall.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 4%CPEs: 26EXPL: 2

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence. Error de superación de límite (off-by-one) en la función convert_query_hexchar en html.c en cgit.cgi en cgit anteriores a v0.8.3.5, permite a atacantes remotos provocar una denegación de servicio (buble infinito) a través de una cadena compuesta por un caracter "%" (por ciento) seguido de caracteres hexadecimales no válidos, como se demostró con la secuencia %gg. • http://article.gmane.org/gmane.comp.version-control.git/168493 http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html http://openwall.com/lists/oss-security/2011/03/07/3 http://secunia.com/advisories/43633 http://secunia.com/advi • CWE-193: Off-by-one Error •