MiracleLinux 3 : cvs-1.11.22-11.AXS3.1 (AXSA:2012-268:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-268:01 advisory. CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the...
MiracleLinux 4 : cvs-1.11.23-11.1.0.1.AXS4 (AXSA:2012-238:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-238:01 advisory. CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the...
SUSE CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
DEBIAN-CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
ALPINE-CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
PT-2017-3344
Name of the Vulnerable Software and Affected Versions: CVS versions 1.12.x; git-annex versions prior to 6.20170818. Description: The issue is related to the improper handling of data when interacting with a remote repository over SSH. This could allow a remote attacker to execute arbitrary code by...
USN-1371-1: cvs vulnerability
It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code...
cvs: client proxy_connect heap-based buffer overflow
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response...
Fedora Update for cvs FEDORA-2012-1400
Check for the Version of cvs OpenVAS Vulnerability Test Fedora Update for cvs FEDORA-2012-1400 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
PT-2010-5116 · Concurrent Versions System +1 · Cvs +1
Name of the Vulnerable Software and Affected Versions: CVS version 1.11.23 Description: The issue is related to an array index error in the apply rcs change function, located in the rcs.c file. This error can be exploited by local users to gain privileges through a specially crafted RCS file that...
Fedora Update for cvs FEDORA-2010-16600
Check for the Version of cvs OpenVAS Vulnerability Test Fedora Update for cvs FEDORA-2010-16600 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
CVS Annotate Command Revision String Buffer Overflow (CVE-2005-0753)
Concurrent Versions System (CVS) is an open-source version control system. CVS allows access to a source repository from local clients or from remote clients over a network. There exists a buffer overflow vulnerability in the Concurrent Versions System (CVS). This issue is caused by improper bounds...
FreeBSD Security Advisory (FreeBSD-SA-04:10.cvs.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:10.cvs.asc ADV FreeBSD-SA-04:10.cvs.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Security Advisory (FreeBSD-SA-04:14.cvs.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:14.cvs.asc ADV FreeBSD-SA-04:14.cvs.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
Debian Security Advisory DSA 519-1 (cvs)
The remote host is missing an update to cvs announced via advisory DSA 519-1. OpenVAS Vulnerability Test $Id: deb5191.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 519-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian: Security Advisory (DSA-519)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 233-1 (cvs)
The remote host is missing an update to cvs announced via advisory DSA 233-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
A CVS pserver is running
A CVS (Concurrent Versions System) server is installed, and it is configured to have its own password file, or use that of the system. This service starts as a daemon, listening on port TCP:port. Knowing that a CVS server is present on the system gives attackers additional information about the...
DSA-802-1 cvs - insecure temporary files
Bulletin has no description...
DEBIAN-CVE-2004-1342
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method...