Cvs

Cvs

18 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2012-0804

  • EPSS 2.51%
  • Published 29.05.2012 20:55:06
  • Last modified 11.04.2025 00:51:21

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

4.6

CVE-2005-2693

  • EPSS 0.07%
  • Published 26.08.2005 15:50:00
  • Last modified 03.04.2025 01:03:51

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.

7.5

CVE-2004-1342

  • EPSS 0.34%
  • Published 27.04.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.

7.5

CVE-2005-0753

  • EPSS 5.35%
  • Published 18.04.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.

7.1

CVE-2004-1471

  • EPSS 5.95%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format strin...

5

CVE-2004-1343

  • EPSS 0.66%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).

10

CVE-2004-0416

  • EPSS 43.03%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

10

CVE-2004-0418

  • EPSS 14.28%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical prog...

5

CVE-2004-0417

  • EPSS 4.49%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consu...

10

CVE-2004-0414

  • EPSS 5.25%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary...