CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3356
https://notcve.org/view.php?id=CVE-2012-3356
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La vista SVN de funcionalidad remota (lib/vclib/svn/svn_ra.py) en ViewVC anterior a v1.1.15 no realiza correctamente la autorización, permite a atacantes remotos eludir restricciones de acceso a través destinados vectores no especificados. • http://osvdb.org/83225 http://viewvc.tigris.org/issues/show_bug.cgi?id=353 http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757 http://viewvc.tigris.org/source/browse/viewvc? • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3357
https://notcve.org/view.php?id=CVE-2012-3357
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." La revisión de la vista SVN (lib/vclib/svn/svn_repos.py) en ViewVC anterior a 1.1.15 no controla correctamente los mensajes de registro cuando se copia un camino legible de una ruta ilegible, lo que permite a atacantes remotos obtener información sensible, relacionada con un "log msg leak". • http://osvdb.org/83227 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 http://www.debian.org/security/2012/dsa-2563 http://www.mandriva.com/security/advisories?name=MDVSA-2013:134 http://www.openwall.com/lists/oss-security/2012/06/25/8 http://www.securityfocus.com/bid/54199 https://exchange.xforce.ibmcloud.com/vulnerabilities/76615 https://lwn.net/Articles/505096 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 29EXPL: 0CVE-2009-5024
https://notcve.org/view.php?id=CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request. ViewVC antes de v1.1.11 permite a atacantes remotos saltar la opción de configuración de cvsdb que limita el número de columnas, y por lo tanto realizar ataques de consumo de recursos, a través del parámetro límite,como se demuestra con una petición de "consulta al historial de revisiones" • http://openwall.com/lists/oss-security/2011/05/19/1 http://openwall.com/lists/oss-security/2011/05/19/9 http://viewvc.tigris.org/issues/show_bug.cgi?id=433 http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547 http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547 http://www.debian&# • CWE-399: Resource Management Errors •