Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Lars HjemliCgit*

4 matches found

CVE
CVEadded 2011/03/20 2:0 a.m.46 views

CVE-2011-1027

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

5CVSS6.3AI score0.05194EPSS
CVE
CVEadded 2011/08/03 12:55 a.m.44 views

CVE-2011-2711

Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.

3.5CVSS5.2AI score0.00371EPSS
CVE
CVEadded 2012/10/10 6:55 p.m.41 views

CVE-2012-4465

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.

6.5CVSS7.7AI score0.03459EPSS
CVE
CVEadded 2012/11/11 1:0 p.m.37 views

CVE-2012-4548

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.

6CVSS7.3AI score0.00676EPSS