CVE-2016-1900
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline...
CVE-2016-1899
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit....
cgit -- multiple vulnerabilities
Jason A. Donenfeld reports: Reflected Cross Site Scripting and Header Injection in Mimetype Query String. Stored Cross Site Scripting and Header Injection in Filename Parameter. Integer Overflow resulting in Buffer Overflow...
Mageia: Security Advisory (MGASA-2015-0325)
The remote host is missing an update for the...
MGASA-2015-0325 Updated cgit package fixes security vulnerability
cgit in Mageia 4/5 bundles an old git that is subject to a minor security issue (CVE-2014-9390). The cgit package was updated to its latest upstream release, which updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...
Updated cgit package fixes security vulnerability
cgit in Mageia 4/5 bundles an old git that is subject to a minor security issue (CVE-2014-9390). The cgit package was updated to its latest upstream release, which updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...
openSUSE Security Update : cgit (openSUSE-2015-436)
The git web frontend cgit was updated to 0.11.2 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems in git. Malicious commits could affect client users on all platforms using...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the cgit-debugsource package in the OpenSUSE operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely by a malicious individual who has completed the authentication process...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the cgit package in the OpenSUSE operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of this vulnerability can be carried out remotely by a malicious individual who has completed the authentication...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the cgit-debuginfo package in the OpenSUSE operating system can be exploited by a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely by a malicious person who has complete...
openSUSE Security Update : cgit (openSUSE-SU-2012:1461-1)
Specially crafted commits can cause code to be executed on the clients due to improperly quoted arguments. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-765. The text descripti...
openSUSE Security Update : cgit (openSUSE-SU-2012:1421-1)
Specially crafted commits could trigger a heap-based buffer overflow. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-753. The text description of this plugin is (C) SUSE LLC...
openSUSE Security Update : cgit (openSUSE-SU-2011:0891-1)
This update of cgit fixes an XSS vulnerability. CVE-2011-2711: CVSS v2 Base Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
openSUSE Security Update : cgit (openSUSE-SU-2012:1460-1)
Specially crafted commits can cause code to be executed on the clients due to improperly quoted arguments. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-764. The text descripti...
openSUSE Security Update : cgit (openSUSE-SU-2013:1207-1)
A directory traversal in cgit could be used by remote attackers to read files on the local filesystem (CVE-2013-2117). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-591. The text...
openSUSE Security Update : cgit (openSUSE-SU-2012:1422-1)
Specially crafted commits could trigger a heap-based buffer overflow. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-752. The text description of this plugin is (C) SUSE LLC...
CVE-2013-2117
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter...
Directory traversal
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter...
CVE-2013-2117
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter...
CVE-2013-2117
Directory traversal in cgit_parse_readme (ui-summary.c) of cgit before 0.9.2 allows remote attackers to read arbitrary files via a .. in the url parameter. Affected: cgit up to version