Vulnerabilities > CVS > CVS > 1.12.2

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-1471 Multiple vulnerability in CVS
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
network
high complexity
cvs openpkg sgi freebsd gentoo openbsd
7.1
7.1
2004-08-06 CVE-2004-0418 serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
network
low complexity
cvs openpkg sgi gentoo openbsd
critical
 10.0
10
2004-08-06 CVE-2004-0417 Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
network
low complexity
cvs openpkg sgi gentoo openbsd
5.0
5.0
2004-08-06 CVE-2004-0416 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
network
low complexity
cvs openpkg sgi gentoo openbsd CWE-119
critical
 10.0
10
2004-08-06 CVE-2004-0414 CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
network
low complexity
cvs openpkg sgi gentoo openbsd
critical
 10.0
10