Vulnerabilities > GIT > GIT > 1.5.6.3

DATE CVE VULNERABILITY TITLE RISK
2010-12-17 CVE-2010-3906 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
network
git git-scm CWE-79
4.3
2009-06-18 CVE-2009-2108 Resource Management Errors vulnerability in GIT
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
network
low complexity
git CWE-399
5.0
2009-01-21 CVE-2008-5916 Permissions, Privileges, and Access Controls vulnerability in GIT
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
local
low complexity
git CWE-264
4.6
2008-08-07 CVE-2008-3546 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GIT
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
network
low complexity
linux git CWE-119
7.5