rpm package
opensuse/viewvc&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/viewvc&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54141 | — | | | < 1.3.0~dev20250722-1.1 | 1.3.0~dev20250722-1.1 | Jul 22, 2025 | ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem through a directory tra |
| CVE-2020-5283 | — | | | < 1.3.0~dev20230104-1.1 | 1.3.0~dev20230104-1.1 | Apr 3, 2020 | ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also ha |
| CVE-2017-5938 | Med | 6.1 | | < 1.3.0~dev20230104-1.1 | 1.3.0~dev20230104-1.1 | Mar 15, 2017 | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. |
| CVE-2012-3357 | — | | | < 1.1.24-2.1 | 1.1.24-2.1 | Jul 22, 2012 | The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." |
| CVE-2012-3356 | — | | | < 1.1.24-2.1 | 1.1.24-2.1 | Jul 22, 2012 | The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. |