18 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins CVS versiones 2.19 y anteriores, no escapa del nombre y la descripción de los parámetros CVS Symbolic Name en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de scripting cruzado (XSS) almacenada que puede ser explotada por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins CVS Plugin versiones 2.16 y anteriores, no configuran su analizador XML para impedir ataques de tipo XML external entity (XXE) • http://www.openwall.com/lists/oss-security/2020/12/03/2 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2146 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. • http://www.debian.org/security/2005/dsa-715 •

CVSS: 7.5EPSS: 84%CPEs: 17EXPL: 0

Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. • http://bugs.gentoo.org/attachment.cgi?id=54352&action=view http://secunia.com/advisories/14976 http://www.debian.org/security/2005/dsa-742 http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml http://www.novell.com/linux/security/advisories/2005_24_cvs.html http://www.redhat.com/support/errata/RHSA-2005-387.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20148 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688 https://access •

CVSS: 7.1EPSS: 1%CPEs: 111EXPL: 1

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://security.e-matters.de/advisories/092004.html http://www.securityfocus.com/bid/10499 https://exchange.xforce.ibmcloud.com/vulnerabilities/16365 •