Skip to main content

Cvs

4 CVEs product

Monthly

CVE-2022-29037 Maven MEDIUM PATCH This Month

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Cvs
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2324 Maven HIGH PATCH This Week

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cvs
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-12836 HIGH POC PATCH This Week

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Cvs Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2012-0804 CRITICAL Act Now

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cvs
NVD
CVSS 2.0
10.0
EPSS
2.5%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Cvs
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cvs
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Cvs Ubuntu Linux +1
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy