
cvs

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-29037
<= 2.19
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying p
5.4 MEDIUM
CVE-2020-2324
<= 2.16
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
7.5 HIGH
CVE-2017-12836
all versions
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repos
7.5 HIGH
CVE-2012-0804
all versions
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to
CVE-2010-3846
all versions
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file c
CVE-2005-2693
all versions
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and ex
CVE-2004-1342
all versions
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the p
CVE-2005-0753
all versions
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
CVE-2004-1471
all versions
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVS
CVE-2004-1343
all versions
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the
CVE-2004-0778
>= 1.11.0 and < 1.11.17
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and dir
CVE-2004-0418
all versions
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow
CVE-2004-0417
all versions
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.1
CVE-2004-0416
all versions
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remot
CVE-2004-0414
all versions
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL ter
CVE-2004-0396
all versions
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote at
CVE-2004-0405
<= 1.10
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a diff
CVE-2004-0180
<= 1.10
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that us
CVE-2003-0977
all versions
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root dire
CVE-2003-0015
all versions
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbi
CVE-2002-0844
< 1.11.2
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
7.8 HIGH
CVE-2002-0092
<= 1.10.8
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (serv
CVE-2000-0680
all versions
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows
CVE-2000-0679
all versions
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin