Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 26 results


CVE-2023-22464

Medium priority
Needs evaluation

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an...

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2023-22456

Medium priority
Needs evaluation

ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need...

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2020-5283

Medium priority
Vulnerable

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by...

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not in release Not in release Not in release Vulnerable Vulnerable
Show less packages

CVE-2007-5743

Low priority
Not affected

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc
Show less packages

CVE-2017-5938

Medium priority

Some fixes available 3 of 4

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Fixed
Show less packages

CVE-2012-4533

Medium priority

Some fixes available 1 of 6

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit...

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not affected
Show less packages

CVE-2012-3455

Medium priority

Some fixes available 2 of 9

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash)...

2 affected packages

koffice, wv2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
koffice Not in release
wv2 Not in release
Show less packages

CVE-2012-3357

Low priority

Some fixes available 1 of 11

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain...

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not affected
Show less packages

CVE-2012-3356

Low priority

Some fixes available 1 of 11

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not affected
Show less packages

CVE-2009-5024

Low priority

Some fixes available 1 of 12

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.

1 affected packages

viewvc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
viewvc Not affected
Show less packages