Search for packages
| purl | pkg:deb/debian/cgit@1.2.3%2Bgit20221219.50.91f2590%2Bgit2.39.1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4h46-k3sd-3uh8 | security update |
CVE-2016-1899
|
| VCID-brus-h5y6-dffb | security update |
CVE-2016-1901
|
| VCID-chdb-9uwu-67f8 | Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code. |
CVE-2016-2315
|
| VCID-cz1b-nsxp-57hu | Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. |
CVE-2012-4548
|
| VCID-dwux-f8gv-bbfq | Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. |
CVE-2013-2117
|
| VCID-e67s-whs3-bydn | security update |
CVE-2018-14912
|
| VCID-qh4p-ng26-s7cw | security update |
CVE-2016-1900
|
| VCID-r2s1-ekyx-j3hc | Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit. |
CVE-2012-4465
|
| VCID-vjnp-dnar-p7gy | Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code. |
CVE-2016-2324
|