VYPR

rpm package

opensuse/viewvc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/viewvc&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2025-54141Jul 22, 2025
    affected < 1.3.0~dev20250722-1.1fixed 1.3.0~dev20250722-1.1

    ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory tra

  • CVE-2020-5283Apr 3, 2020
    affected < 1.3.0~dev20230104-1.1fixed 1.3.0~dev20230104-1.1

    ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also ha

  • CVE-2017-5938MedMar 15, 2017
    affected < 1.3.0~dev20230104-1.1fixed 1.3.0~dev20230104-1.1

    Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

  • CVE-2012-3357Jul 22, 2012
    affected < 1.1.24-2.1fixed 1.1.24-2.1

    The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."

  • CVE-2012-3356Jul 22, 2012
    affected < 1.1.24-2.1fixed 1.1.24-2.1

    The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.