Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by lars_hjemli
CVE-2013-2117 (GCVE-0-2013-2117)
Vulnerability from nvd – Published: 2013-08-09 18:00 – Updated: 2024-08-06 15:27
VLAI
Summary
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54186 | third-party-advisoryx_refsource_SECUNIA |
| http://git.zx2c4.com/cgit/commit/?h=wip&id=babf94… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2013/05/27/3 | mailing-listx_refsource_MLIST |
| http://lists.zx2c4.com/pipermail/cgit/2013-May/00… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2013-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6"
},
{
"name": "openSUSE-SU-2013:1303",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html"
},
{
"name": "[oss-security] 20130527 Re: CVE Request: cgit directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/27/3"
},
{
"name": "[CGit] 20130527 [ANNOUNCE] CGIT v0.9.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html"
},
{
"name": "openSUSE-SU-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "54186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6"
},
{
"name": "openSUSE-SU-2013:1303",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html"
},
{
"name": "[oss-security] 20130527 Re: CVE Request: cgit directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/27/3"
},
{
"name": "[CGit] 20130527 [ANNOUNCE] CGIT v0.9.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html"
},
{
"name": "openSUSE-SU-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54186"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6"
},
{
"name": "openSUSE-SU-2013:1303",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html"
},
{
"name": "[oss-security] 20130527 Re: CVE Request: cgit directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/27/3"
},
{
"name": "[CGit] 20130527 [ANNOUNCE] CGIT v0.9.2 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html"
},
{
"name": "openSUSE-SU-2013:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2117",
"datePublished": "2013-08-09T18:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:27:40.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4548 (GCVE-0-2012-4548)
Vulnerability from nvd – Published: 2012-11-11 11:00 – Updated: 2024-08-06 20:42
VLAI
Summary
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2012-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=870713"
},
{
"name": "51167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51167"
},
{
"name": "56315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56315"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd"
},
{
"name": "openSUSE-SU-2012:1461",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "openSUSE-SU-2012:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html"
},
{
"name": "[oss-security] 20121027 CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/1"
},
{
"name": "[oss-security] 20121028 Re: CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/2"
},
{
"name": "cgit-syntaxhighlighting-command-exec(79665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79665"
},
{
"name": "51222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51222"
},
{
"name": "openSUSE-SU-2012:1460",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html"
},
{
"name": "openSUSE-SU-2012:1422",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=870713"
},
{
"name": "51167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51167"
},
{
"name": "56315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56315"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd"
},
{
"name": "openSUSE-SU-2012:1461",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "openSUSE-SU-2012:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html"
},
{
"name": "[oss-security] 20121027 CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/1"
},
{
"name": "[oss-security] 20121028 Re: CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/2"
},
{
"name": "cgit-syntaxhighlighting-command-exec(79665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79665"
},
{
"name": "51222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51222"
},
{
"name": "openSUSE-SU-2012:1460",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html"
},
{
"name": "openSUSE-SU-2012:1422",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4548",
"datePublished": "2012-11-11T11:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:42:54.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4465 (GCVE-0-2012-4465)
Vulnerability from nvd – Published: 2012-10-10 18:00 – Updated: 2024-08-06 20:35
VLAI
Summary
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/09/30/1 | mailing-listx_refsource_MLIST |
| http://git.zx2c4.com/cgit/commit/?id=7757d1b046ec… | x_refsource_CONFIRM |
| http://hjemli.net/pipermail/cgit/2012-July/000652.html | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=820733 | x_refsource_MISC |
| http://secunia.com/advisories/50734 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/55724 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/10/03/7 | mailing-listx_refsource_MLIST |
Date Public
2012-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120930 cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec"
},
{
"name": "[cgit] 20120703 avoid stack-smash when processing unusual commit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://hjemli.net/pipermail/cgit/2012-July/000652.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820733"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "55724",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55724"
},
{
"name": "[oss-security] 20121003 Re: cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/03/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the \"Author\" field in a commit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120930 cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec"
},
{
"name": "[cgit] 20120703 avoid stack-smash when processing unusual commit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://hjemli.net/pipermail/cgit/2012-July/000652.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820733"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "55724",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55724"
},
{
"name": "[oss-security] 20121003 Re: cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/03/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4465",
"datePublished": "2012-10-10T18:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2711 (GCVE-0-2011-2711)
Vulnerability from nvd – Published: 2011-08-03 00:00 – Updated: 2024-08-06 23:08
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2011-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725042"
},
{
"name": "48866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48866"
},
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/3"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5"
},
{
"name": "openSUSE-SU-2011:0891",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10998459"
},
{
"name": "74050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/74050"
},
{
"name": "[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/2"
},
{
"name": "45358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45358"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/7"
},
{
"name": "45541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45541"
},
{
"name": "cgit-renamehint-xss(68754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68754"
},
{
"name": "[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://hjemli.net/pipermail/cgit/2011-July/000276.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725042"
},
{
"name": "48866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48866"
},
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/3"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5"
},
{
"name": "openSUSE-SU-2011:0891",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10998459"
},
{
"name": "74050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/74050"
},
{
"name": "[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/2"
},
{
"name": "45358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45358"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/7"
},
{
"name": "45541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45541"
},
{
"name": "cgit-renamehint-xss(68754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68754"
},
{
"name": "[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://hjemli.net/pipermail/cgit/2011-July/000276.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2711",
"datePublished": "2011-08-03T00:00:00.000Z",
"dateReserved": "2011-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:08:23.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1027 (GCVE-0-2011-1027)
Vulnerability from nvd – Published: 2011-03-20 01:00 – Updated: 2024-08-06 22:14
VLAI
Summary
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.osvdb.org/71005 | vdb-entryx_refsource_OSVDB |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/46756 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2011/0667 | vdb-entryx_refsource_VUPEN |
| http://openwall.com/lists/oss-security/2011/03/07/3 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/43788 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=680905 | x_refsource_CONFIRM |
| http://secunia.com/advisories/43633 | third-party-advisoryx_refsource_SECUNIA |
| http://article.gmane.org/gmane.comp.version-contr… | mailing-listx_refsource_MLIST |
| http://hjemli.net/git/cgit/commit/?h=stable&id=fc… | x_refsource_CONFIRM |
Date Public
2011-03-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-2803",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html"
},
{
"name": "71005",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71005"
},
{
"name": "FEDORA-2011-2790",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html"
},
{
"name": "46756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46756"
},
{
"name": "ADV-2011-0667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0667"
},
{
"name": "[oss-security] 20110307 cgit convert_query_hexchar infinite loop (CVE-2011-1027)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/3"
},
{
"name": "43788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43788"
},
{
"name": "FEDORA-2011-2815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html"
},
{
"name": "cgit-convertqueryhexchar-dos(65919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65919"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680905"
},
{
"name": "43633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43633"
},
{
"name": "[git] 20110305 [ANNOUNCE] CGIT 0.8.3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.version-control.git/168493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=fc384b16fb9787380746000d3cea2d53fccc548e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-2803",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html"
},
{
"name": "71005",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71005"
},
{
"name": "FEDORA-2011-2790",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html"
},
{
"name": "46756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46756"
},
{
"name": "ADV-2011-0667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0667"
},
{
"name": "[oss-security] 20110307 cgit convert_query_hexchar infinite loop (CVE-2011-1027)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/3"
},
{
"name": "43788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43788"
},
{
"name": "FEDORA-2011-2815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html"
},
{
"name": "cgit-convertqueryhexchar-dos(65919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65919"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680905"
},
{
"name": "43633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43633"
},
{
"name": "[git] 20110305 [ANNOUNCE] CGIT 0.8.3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.version-control.git/168493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=fc384b16fb9787380746000d3cea2d53fccc548e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1027",
"datePublished": "2011-03-20T01:00:00.000Z",
"dateReserved": "2011-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2117 (GCVE-0-2013-2117)
Vulnerability from cvelistv5 – Published: 2013-08-09 18:00 – Updated: 2024-08-06 15:27
VLAI
Summary
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54186 | third-party-advisoryx_refsource_SECUNIA |
| http://git.zx2c4.com/cgit/commit/?h=wip&id=babf94… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2013/05/27/3 | mailing-listx_refsource_MLIST |
| http://lists.zx2c4.com/pipermail/cgit/2013-May/00… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2013-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6"
},
{
"name": "openSUSE-SU-2013:1303",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html"
},
{
"name": "[oss-security] 20130527 Re: CVE Request: cgit directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/27/3"
},
{
"name": "[CGit] 20130527 [ANNOUNCE] CGIT v0.9.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html"
},
{
"name": "openSUSE-SU-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "54186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6"
},
{
"name": "openSUSE-SU-2013:1303",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html"
},
{
"name": "[oss-security] 20130527 Re: CVE Request: cgit directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/27/3"
},
{
"name": "[CGit] 20130527 [ANNOUNCE] CGIT v0.9.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html"
},
{
"name": "openSUSE-SU-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54186"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?h=wip\u0026id=babf94e04e74123eb658a823213c062663cdadd6"
},
{
"name": "openSUSE-SU-2013:1303",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html"
},
{
"name": "[oss-security] 20130527 Re: CVE Request: cgit directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/27/3"
},
{
"name": "[CGit] 20130527 [ANNOUNCE] CGIT v0.9.2 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html"
},
{
"name": "openSUSE-SU-2013:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2117",
"datePublished": "2013-08-09T18:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:27:40.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4548 (GCVE-0-2012-4548)
Vulnerability from cvelistv5 – Published: 2012-11-11 11:00 – Updated: 2024-08-06 20:42
VLAI
Summary
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2012-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=870713"
},
{
"name": "51167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51167"
},
{
"name": "56315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56315"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd"
},
{
"name": "openSUSE-SU-2012:1461",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "openSUSE-SU-2012:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html"
},
{
"name": "[oss-security] 20121027 CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/1"
},
{
"name": "[oss-security] 20121028 Re: CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/2"
},
{
"name": "cgit-syntaxhighlighting-command-exec(79665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79665"
},
{
"name": "51222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51222"
},
{
"name": "openSUSE-SU-2012:1460",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html"
},
{
"name": "openSUSE-SU-2012:1422",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=870713"
},
{
"name": "51167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51167"
},
{
"name": "56315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56315"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd"
},
{
"name": "openSUSE-SU-2012:1461",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "openSUSE-SU-2012:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html"
},
{
"name": "[oss-security] 20121027 CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/1"
},
{
"name": "[oss-security] 20121028 Re: CVE Request: cgit command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/28/2"
},
{
"name": "cgit-syntaxhighlighting-command-exec(79665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79665"
},
{
"name": "51222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51222"
},
{
"name": "openSUSE-SU-2012:1460",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html"
},
{
"name": "openSUSE-SU-2012:1422",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4548",
"datePublished": "2012-11-11T11:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:42:54.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4465 (GCVE-0-2012-4465)
Vulnerability from cvelistv5 – Published: 2012-10-10 18:00 – Updated: 2024-08-06 20:35
VLAI
Summary
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/09/30/1 | mailing-listx_refsource_MLIST |
| http://git.zx2c4.com/cgit/commit/?id=7757d1b046ec… | x_refsource_CONFIRM |
| http://hjemli.net/pipermail/cgit/2012-July/000652.html | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=820733 | x_refsource_MISC |
| http://secunia.com/advisories/50734 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/55724 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/10/03/7 | mailing-listx_refsource_MLIST |
Date Public
2012-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120930 cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec"
},
{
"name": "[cgit] 20120703 avoid stack-smash when processing unusual commit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://hjemli.net/pipermail/cgit/2012-July/000652.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820733"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "55724",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55724"
},
{
"name": "[oss-security] 20121003 Re: cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/03/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the \"Author\" field in a commit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120930 cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec"
},
{
"name": "[cgit] 20120703 avoid stack-smash when processing unusual commit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://hjemli.net/pipermail/cgit/2012-July/000652.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820733"
},
{
"name": "50734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50734"
},
{
"name": "55724",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55724"
},
{
"name": "[oss-security] 20121003 Re: cgit: heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/03/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4465",
"datePublished": "2012-10-10T18:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2711 (GCVE-0-2011-2711)
Vulnerability from cvelistv5 – Published: 2011-08-03 00:00 – Updated: 2024-08-06 23:08
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2011-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725042"
},
{
"name": "48866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48866"
},
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/3"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5"
},
{
"name": "openSUSE-SU-2011:0891",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10998459"
},
{
"name": "74050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/74050"
},
{
"name": "[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/2"
},
{
"name": "45358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45358"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/7"
},
{
"name": "45541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45541"
},
{
"name": "cgit-renamehint-xss(68754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68754"
},
{
"name": "[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://hjemli.net/pipermail/cgit/2011-July/000276.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725042"
},
{
"name": "48866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48866"
},
{
"name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/24/3"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5"
},
{
"name": "openSUSE-SU-2011:0891",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10998459"
},
{
"name": "74050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/74050"
},
{
"name": "[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/2"
},
{
"name": "45358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45358"
},
{
"name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/22/7"
},
{
"name": "45541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45541"
},
{
"name": "cgit-renamehint-xss(68754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68754"
},
{
"name": "[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://hjemli.net/pipermail/cgit/2011-July/000276.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2711",
"datePublished": "2011-08-03T00:00:00.000Z",
"dateReserved": "2011-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:08:23.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1027 (GCVE-0-2011-1027)
Vulnerability from cvelistv5 – Published: 2011-03-20 01:00 – Updated: 2024-08-06 22:14
VLAI
Summary
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.osvdb.org/71005 | vdb-entryx_refsource_OSVDB |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/46756 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2011/0667 | vdb-entryx_refsource_VUPEN |
| http://openwall.com/lists/oss-security/2011/03/07/3 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/43788 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=680905 | x_refsource_CONFIRM |
| http://secunia.com/advisories/43633 | third-party-advisoryx_refsource_SECUNIA |
| http://article.gmane.org/gmane.comp.version-contr… | mailing-listx_refsource_MLIST |
| http://hjemli.net/git/cgit/commit/?h=stable&id=fc… | x_refsource_CONFIRM |
Date Public
2011-03-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-2803",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html"
},
{
"name": "71005",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71005"
},
{
"name": "FEDORA-2011-2790",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html"
},
{
"name": "46756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46756"
},
{
"name": "ADV-2011-0667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0667"
},
{
"name": "[oss-security] 20110307 cgit convert_query_hexchar infinite loop (CVE-2011-1027)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/3"
},
{
"name": "43788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43788"
},
{
"name": "FEDORA-2011-2815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html"
},
{
"name": "cgit-convertqueryhexchar-dos(65919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65919"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680905"
},
{
"name": "43633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43633"
},
{
"name": "[git] 20110305 [ANNOUNCE] CGIT 0.8.3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.version-control.git/168493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=fc384b16fb9787380746000d3cea2d53fccc548e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-2803",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html"
},
{
"name": "71005",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71005"
},
{
"name": "FEDORA-2011-2790",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html"
},
{
"name": "46756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46756"
},
{
"name": "ADV-2011-0667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0667"
},
{
"name": "[oss-security] 20110307 cgit convert_query_hexchar infinite loop (CVE-2011-1027)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/07/3"
},
{
"name": "43788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43788"
},
{
"name": "FEDORA-2011-2815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html"
},
{
"name": "cgit-convertqueryhexchar-dos(65919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65919"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680905"
},
{
"name": "43633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43633"
},
{
"name": "[git] 20110305 [ANNOUNCE] CGIT 0.8.3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.version-control.git/168493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=fc384b16fb9787380746000d3cea2d53fccc548e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1027",
"datePublished": "2011-03-20T01:00:00.000Z",
"dateReserved": "2011-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}