Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cvs vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-2324
Jenkins CVS Plugin 2.16 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Cvs
7.5
CVSSv3
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote malicious users to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
Gnu Cvs 1.12.12
Gnu Cvs 1.12.6
Gnu Cvs 1.12.3
Gnu Cvs 1.12.11
Gnu Cvs 1.12.10
Gnu Cvs 1.12.9
Gnu Cvs 1.12.7
Gnu Cvs 1.12.13
Gnu Cvs 1.12.5
Gnu Cvs 1.12.1
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.8
CVSSv3
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696.
Ibm Security Guardium 11.2
6.5
CVSSv3
CVE-2020-26256
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched ...
C2fo Fast-csv
6.1
CVSSv3
CVE-2023-22456
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions before 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an malicious user to have commit privileges to a S...
Viewvc Viewvc
6.1
CVSSv3
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC prior to 1.0.14 and 1.1.x prior to 1.1.26 allows remote malicious users to inject arbitrary web script or HTML via the nav_data name.
Debian Debian Linux 8.0
Opensuse Leap 42.2
Opensuse Project Leap 42.1
Viewvc Viewvc
5.5
CVSSv3
CVE-2000-0338
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
Concurrent Versions Software Project Concurrent Versions Software -
1 EDB exploit
5.4
CVSSv3
CVE-2023-43071
Dell SmartFabric Storage Software v1.4 (and previous versions) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit t...
Dell Smartfabric Storage Software
5.4
CVSSv3
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions before 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an malicious user to have commit privileges to a Subversion re...
Viewvc Viewvc
5.4
CVSSv3
CVE-2022-29037
Jenkins CVS Plugin 2.19 and previous versions does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Cvs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »