CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 0CVE-2022-29037
https://notcve.org/view.php?id=CVE-2022-29037
12 Apr 2022 — Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins CVS versiones 2.19 y anteriores, no escapa del nombre y la descripción de los parámetros CVS Symbolic Name en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de scripting cruzado (XSS) almacenada que pue... • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2324
https://notcve.org/view.php?id=CVE-2020-2324
03 Dec 2020 — Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins CVS Plugin versiones 2.16 y anteriores, no configuran su analizador XML para impedir ataques de tipo XML external entity (XXE) • http://www.openwall.com/lists/oss-security/2020/12/03/2 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2012-0804 – cvs: client proxy_connect heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2012-0804
29 May 2012 — Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. Desbordamiento de búfer basado en memoria dinámica en la funcion proxy_connect en src/client.c en CVS v1.11 y v1.12 permite a los servidores proxy HTTP remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una respuesta HTTP manipu... • http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2004-1342
https://notcve.org/view.php?id=CVE-2004-1342
27 Apr 2005 — CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. • http://www.debian.org/security/2005/dsa-715 •
CVSS: 9.8EPSS: 4%CPEs: 17EXPL: 0CVE-2005-0753
https://notcve.org/view.php?id=CVE-2005-0753
18 Apr 2005 — Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. • http://bugs.gentoo.org/attachment.cgi?id=54352&action=view •
CVSS: 9.8EPSS: 5%CPEs: 111EXPL: 1CVE-2004-1471 – CVS 1.11.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1471
31 Dec 2004 — Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2004-1343
https://notcve.org/view.php?id=CVE-2004-1343
31 Dec 2004 — CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). • http://www.debian.org/security/2005/dsa-715 •
CVSS: 5.3EPSS: 4%CPEs: 2EXPL: 0CVE-2004-0778
https://notcve.org/view.php?id=CVE-2004-0778
18 Aug 2004 — CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. CVS 1.11.x anteriores a 1.11.17 y 1.12.x anteriores a 1.12.9 permite a atacantes remotos determinar la existencia de ficheros y directorios de su elección mediante el comando -X de un fichero de historia alternativo, lo que hace que devuelve diferentes mensajes de erro... • http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 7%CPEs: 29EXPL: 0CVE-2004-0414
https://notcve.org/view.php?id=CVE-2004-0414
11 Jun 2004 — CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas "Entry" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejec... • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 10.0EPSS: 44%CPEs: 29EXPL: 1CVE-2004-0416 – Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2004-0416
11 Jun 2004 — Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •