Known Vulnerabilities for products from Cvs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cvs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2012-0804 | Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy server... | 10 - HIGH | 2012-05-29 | 2023-02-13 |
| CVE-2005-2693 | cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files a... | 4.6 - MEDIUM | 2005-08-26 | 2017-10-11 |
| CVE-2005-0753 | Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. | 7.5 - HIGH | 2005-04-18 | 2017-10-11 |
| CVE-2004-1471 | Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers wit... | 7.1 - HIGH | 2004-12-31 | 2017-07-11 |
| CVE-2004-1343 | CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in... | 5 - MEDIUM | 2004-12-31 | 2008-09-05 |
| CVE-2004-1342 | CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via ... | 7.5 - HIGH | 2005-04-27 | 2008-09-05 |
| CVE-2004-0778 | CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files an... | 5 - MEDIUM | 2004-10-20 | 2017-10-11 |
| CVE-2004-0418 | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may a... | 10 - HIGH | 2004-08-06 | 2018-05-03 |
| CVE-2004-0417 | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x throug... | 5 - MEDIUM | 2004-08-06 | 2018-05-03 |
| CVE-2004-0416 | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow ... | 10 - HIGH | 2004-08-06 | 2018-05-03 |
| CVE-2004-0414 | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NUL... | 10 - HIGH | 2004-08-06 | 2018-05-03 |
| CVE-2004-0405 | CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a... | 5 - MEDIUM | 2004-06-01 | 2017-10-11 |
| CVE-2004-0396 | Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remo... | 7.5 - HIGH | 2004-06-14 | 2017-10-11 |
| CVE-2004-0180 | The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files th... | 2.6 - LOW | 2004-06-01 | 2018-05-03 |
| CVE-2003-0977 | CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root... | 7.5 - HIGH | 2004-01-05 | 2017-10-11 |
| CVE-2003-0015 | Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute... | 7.5 - HIGH | 2003-02-07 | 2018-05-03 |
| CVE-2002-0092 | CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service ... | 5 - MEDIUM | 2002-03-15 | 2016-10-18 |
| CVE-2000-0680 | The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which al... | 7.2 - HIGH | 2000-10-20 | 2008-09-05 |
| CVE-2000-0679 | The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to cr... | 2.1 - LOW | 2000-10-20 | 2008-09-05 |
| CVE-2000-0338 | Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a den... | 5 - MEDIUM | 2000-04-23 | 2008-09-10 |