CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 3CVE-2019-14422 – TortoiseSVN 1.12.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-14422
15 Aug 2019 — An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. • https://www.exploit-db.com/exploits/47252 •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3846
https://notcve.org/view.php?id=CVE-2007-3846
28 Aug 2007 — Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository. Vulnerabilidad de salto de directorio en Subversion anterior a 1.4.5, utilizado en TortoiseSVN anterior a 1.4.5 y posiblemente otros productos, cuando se ejecuta en sistemas basados en W... • http://crisp.cs.du.edu/?q=node/36 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •