rpm package
opensuse/cvs&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cvs&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12836 | High | 7.5 | | < 1.12.13-1.14 | 1.12.13-1.14 | Aug 24, 2017 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." |
| CVE-2012-0804 | — | | | < 1.12.12-183.10 | 1.12.12-183.10 | May 29, 2012 | Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. |