VYPR

Cvs

by GNU

CVEs (2)

  • CVE-2017-12836HigAug 24, 2017
    risk 0.49cvss 7.5epss 0.06

    CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."

  • CVE-2004-0778Oct 20, 2004
    risk 0.00cvss epss 0.02

    CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.