Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cvs vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2012-0804
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Cvs Cvs 1.11
Cvs Cvs 1.12
715
VMScore
CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x up to and including 1.12.8, and 1.11.x up to and including 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string spec...
Cvs Cvs 1.11.10
Cvs Cvs 1.11.11
Cvs Cvs 1.11.5
Cvs Cvs 1.11.6
Openpkg Openpkg 2.0
Openpkg Openpkg Current
Cvs Cvs 1.10.7
Cvs Cvs 1.10.8
Cvs Cvs 1.11
Cvs Cvs 1.11.16
Cvs Cvs 1.11.2
Cvs Cvs 1.12.5
Cvs Cvs 1.12.7
Cvs Cvs 1.11.14
Cvs Cvs 1.11.15
Cvs Cvs 1.12.1
Cvs Cvs 1.12.2
Sgi Propack 2.4
Sgi Propack 3.0
Cvs Cvs 1.11.1
Cvs Cvs 1.11.1 P1
Cvs Cvs 1.11.3
1 EDB exploit
231
VMScore
CVE-2004-0180
The client for CVS prior to 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
Cvs Cvs
445
VMScore
CVE-2004-0405
CVS prior to 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
Cvs Cvs
454
VMScore
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote malicious users to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
Gnu Cvs 1.12.12
Gnu Cvs 1.12.6
Gnu Cvs 1.12.3
Gnu Cvs 1.12.11
Gnu Cvs 1.12.10
Gnu Cvs 1.12.9
Gnu Cvs 1.12.7
Gnu Cvs 1.12.13
Gnu Cvs 1.12.5
Gnu Cvs 1.12.1
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
215
VMScore
CVE-2000-0679
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
Cvs Cvs 1.10.8
1 EDB exploit
725
VMScore
CVE-2000-0680
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
Cvs Cvs 1.10.8
1 EDB exploit
409
VMScore
CVE-2005-2693
cvsbug in CVS 1.12.12 and previous versions creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
Cvs Cvs 1.12.12
605
VMScore
CVE-2006-6386
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote malicious users to inject arbitrary web script or HTML via the motivation field in the CVS application...
Drupal Cvs Management And Tracker 4.7 1.0
Drupal Cvs Management And Tracker 4.7 2.0
312
VMScore
CVE-2022-29037
Jenkins CVS Plugin 2.19 and previous versions does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Cvs
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »