rpm package
opensuse/cgit&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cgit&distro=openSUSE%20Tumbleweed
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14912 | Hig | 7.5 | < 1.2.3-1.10 | 1.2.3-1.10 | Aug 3, 2018 | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | |
| CVE-2016-2324 | Cri | 9.8 | < 1.0-1.3 | 1.0-1.3 | Apr 8, 2016 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | |
| CVE-2016-2315 | Cri | 9.8 | < 1.0-1.3 | 1.0-1.3 | Apr 8, 2016 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | |
| CVE-2016-1901 | Cri | 9.8 | < 1.0-1.3 | 1.0-1.3 | Jan 20, 2016 | Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow. | |
| CVE-2016-1900 | Low | 3.7 | < 1.0-1.3 | 1.0-1.3 | Jan 20, 2016 | CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) atta | |
| CVE-2016-1899 | Low | 3.7 | < 1.0-1.3 | 1.0-1.3 | Jan 20, 2016 | CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a re | |
| CVE-2013-2117 | — | < 1.0-1.3 | 1.0-1.3 | Aug 9, 2013 | Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | ||
| CVE-2012-4548 | — | < 1.0-1.3 | 1.0-1.3 | Nov 11, 2012 | Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. | ||
| CVE-2012-4465 | — | < 1.0-1.3 | 1.0-1.3 | Oct 10, 2012 | Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit. | ||
| CVE-2011-2711 | — | < 1.0-1.3 | 1.0-1.3 | Aug 3, 2011 | Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint. |
- affected < 1.2.3-1.10fixed 1.2.3-1.10
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
- affected < 1.0-1.3fixed 1.0-1.3
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
- affected < 1.0-1.3fixed 1.0-1.3
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
- affected < 1.0-1.3fixed 1.0-1.3
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
- affected < 1.0-1.3fixed 1.0-1.3
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) atta
- affected < 1.0-1.3fixed 1.0-1.3
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a re
- CVE-2013-2117Aug 9, 2013affected < 1.0-1.3fixed 1.0-1.3
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
- CVE-2012-4548Nov 11, 2012affected < 1.0-1.3fixed 1.0-1.3
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
- CVE-2012-4465Oct 10, 2012affected < 1.0-1.3fixed 1.0-1.3
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
- CVE-2011-2711Aug 3, 2011affected < 1.0-1.3fixed 1.0-1.3
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.