
CVE-2022-29037
https://notcve.org/view.php?id=CVE-2022-29037
12 Apr 2022 — Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-2324
https://notcve.org/view.php?id=CVE-2020-2324
03 Dec 2020 — Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2020/12/03/2 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2004-1342
https://notcve.org/view.php?id=CVE-2004-1342
27 Apr 2005 — CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. • http://www.debian.org/security/2005/dsa-715 •

CVE-2005-0753
https://notcve.org/view.php?id=CVE-2005-0753
18 Apr 2005 — Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. • http://bugs.gentoo.org/attachment.cgi?id=54352&action=view •

CVE-2004-1343
https://notcve.org/view.php?id=CVE-2004-1343
31 Dec 2004 — CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). • http://www.debian.org/security/2005/dsa-715 •

CVE-2004-0405
https://notcve.org/view.php?id=CVE-2004-0405
17 Apr 2004 — CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc •

CVE-2004-0180
https://notcve.org/view.php?id=CVE-2004-0180
16 Apr 2004 — The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc •

CVE-2002-0844
https://notcve.org/view.php?id=CVE-2002-0844
12 Aug 2002 — Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt • CWE-193: Off-by-one Error •

CVE-2002-0092
https://notcve.org/view.php?id=CVE-2002-0092
15 Mar 2002 — CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. • http://marc.info/?l=vuln-dev&m=101422243817321&w=2 •