Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cvs
(Cvs)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2012-05-29 | CVE-2012-0804 | Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. | Cvs | N/A | ||
2005-08-26 | CVE-2005-2693 | cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. | Cvs | N/A | ||
2005-04-18 | CVE-2005-0753 | Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. | Cvs | N/A | ||
2004-12-31 | CVE-2004-1471 | Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | Cvs, Freebsd, Linux, Openbsd, Openpkg, Propack | N/A | ||
2004-12-31 | CVE-2004-1343 | CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). | Cvs | N/A | ||
2005-04-27 | CVE-2004-1342 | CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. | Cvs | N/A | ||
2004-08-06 | CVE-2004-0418 | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | Cvs, Linux, Openbsd, Openpkg, Propack | N/A | ||
2004-08-06 | CVE-2004-0417 | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | Cvs, Linux, Openbsd, Openpkg, Propack | N/A | ||
2004-08-06 | CVE-2004-0416 | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | Cvs, Linux, Openbsd, Openpkg, Propack | N/A | ||
2004-08-06 | CVE-2004-0414 | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | Cvs, Linux, Openbsd, Openpkg, Propack | N/A |