CVE-2017-12836
https://notcve.org/view.php?id=CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." CVS 1.12.x, cuando se configura para que use SSH para repositorios remotos, podría permitir que atacantes remotos ejecuten código arbitrario mediante una URL de repositorio con un nombre de host manipulado, tal y como demuestra "-oProxyCommand=id;localhost:/bar. • http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html http://www.debian.org/security/2017/dsa-3940 http://www.openwall.com/lists/oss-security/2017/08/11/1 http://www.openwall.com/lists/oss-security/2017/08/11/4 http://www.securityfocus.com/bid/100279 http://www.ubuntu.com/usn/USN-3399-1 https://bugzilla.redhat.com/show_bug.cgi?id=1480800 https://security.gentoo.org/glsa/201709-17 •
CVE-2004-0778
https://notcve.org/view.php?id=CVE-2004-0778
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. CVS 1.11.x anteriores a 1.11.17 y 1.12.x anteriores a 1.12.9 permite a atacantes remotos determinar la existencia de ficheros y directorios de su elección mediante el comando -X de un fichero de historia alternativo, lo que hace que devuelve diferentes mensajes de error. • http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities http://www.kb.cert.org/vuls/id/579225 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108 http://www.securityfocus.com/bid/10955 https://exchange.xforce.ibmcloud.com/vulnerabilities/17001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688 https://access.redhat.com/security/cve/CVE-2004-0778 https://bugzilla.redhat.com/show_bug.cgi?id=1617282 • CWE-203: Observable Discrepancy •