Search CVE reports
1 – 10 of 29 results
CVE-2018-1000998
Medium priority
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be...
1 affected package
cvsweb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cvsweb | — | Not affected | Not affected | Not affected | Not affected |
CVE-2017-12836
Medium priority
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
1 affected package
cvs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cvs | — | — | — | — | Fixed |
CVE-2012-0804
Medium priority
Some fixes available 4 of 5
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
1 affected package
cvs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cvs | — | — | — | — | — |
CVE-2010-3846
Medium priority
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
1 affected package
cvs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cvs | — | — | — | — | — |
CVE-2010-1326
Medium priority
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions...
1 affected package
cvsnt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cvsnt | — | — | — | — | — |
CVE-2010-1625
Medium priority
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different...
1 affected package
lxr-cvs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lxr-cvs | — | — | — | — | — |
CVE-2010-1448
Medium priority
Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element,...
1 affected package
lxr-cvs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lxr-cvs | — | — | — | — | — |
CVE-2009-4497
Medium priority
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.
1 affected package
lxr-cvs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lxr-cvs | — | — | — | — | — |
CVE-2008-4796
Medium priority
Some fixes available 2 of 23
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote...
10 affected packages
ampache, gforge-plugin-scmcvs, libphp-snoopy, magpierss, mahara...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ampache | — | — | — | — | — |
gforge-plugin-scmcvs | — | — | — | — | — |
libphp-snoopy | — | — | — | — | — |
magpierss | — | — | — | — | — |
mahara | — | — | — | — | — |
mediamate | — | — | — | — | — |
moodle | — | — | — | — | — |
opendb | — | — | — | — | — |
pixelpost | — | — | — | — | — |
wordpress | — | — | — | — | — |
CVE-2008-1292
Low priority
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log...
2 affected packages
viewcvs, viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewcvs | — | — | — | — | — |
viewvc | — | — | — | — | — |