Search criteria

6 vulnerabilities found for bsd_mailx by bsd_mailx_project

FKIE_CVE-2014-7844

Vulnerability from fkie_nvd - Published: 2020-01-14 17:15 - Updated: 2024-11-21 02:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
References
secalert@redhat.comhttp://linux.oracle.com/errata/ELSA-2014-1999.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1999.htmlThird Party Advisory
secalert@redhat.comhttp://seclists.org/oss-sec/2014/q4/1066Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3104Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3105Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-1999.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1999.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/1066Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3104Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3105Third Party Advisory
Impacted products
Vendor Product Version
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 6.6
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
bsd_mailx_project bsd_mailx 8.1.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18E3368-8980-45D2-AD3F-5BF385ABA693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bsd_mailx_project:bsd_mailx:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9B055A-CBCF-4478-AFE9-5A744759A6D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address."
    },
    {
      "lang": "es",
      "value": "BSD mailx versi\u00f3n 8.1.2 y anteriores, permiten a atacantes remotos ejecutar comandos arbitrarios por medio de una direcci\u00f3n de correo electr\u00f3nico dise\u00f1ada."
    }
  ],
  "id": "CVE-2014-7844",
  "lastModified": "2024-11-21T02:18:07.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-14T17:15:11.940",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2014/q4/1066"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-3104"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-3105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2014/q4/1066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-3104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-3105"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2004-2771

Vulnerability from fkie_nvd - Published: 2014-12-24 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
References
secalert@redhat.comhttp://linux.oracle.com/errata/ELSA-2014-1999.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1999.html
secalert@redhat.comhttp://seclists.org/oss-sec/2014/q4/1066
secalert@redhat.comhttp://secunia.com/advisories/60940
secalert@redhat.comhttp://secunia.com/advisories/61585
secalert@redhat.comhttp://secunia.com/advisories/61693
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3105
secalert@redhat.comhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748Exploit
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-1999.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1999.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/1066
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60940
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61585
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61693
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3105
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748Exploit
Impacted products
Vendor Product Version
oracle linux 6
oracle linux 7
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
bsd_mailx_project bsd_mailx *
heirloom mailx *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bsd_mailx_project:bsd_mailx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05584BFD-1732-4D2C-82A2-7DA30DC93FEA",
              "versionEndIncluding": "8.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:heirloom:mailx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08806745-B648-4E1D-93B3-715FF017D06C",
              "versionEndIncluding": "12.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n extendida en fio.c en Heirloom mailx 12.5 y anteriores y BSD mailx 8.1.2 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s metacaracteres de shell en una direcci\u00f3n de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2004-2771",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-24T18:59:00.103",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2014/q4/1066"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60940"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61585"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61693"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3105"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q4/1066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-7844 (GCVE-0-2014-7844)

Vulnerability from cvelistv5 – Published: 2020-01-14 16:13 – Updated: 2024-08-06 13:03
VLAI?
Summary
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
Severity ?
No CVSS data available.
CWE
  • Metacharacters
Assigner
References
Impacted products
Vendor Product Version
BSD mailx Affected: 8.1.2 and earlier
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/1066"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3104"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3105"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mailx",
          "vendor": "BSD",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.2 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2004-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Metacharacters",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T16:13:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/1066"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3104"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3105"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7844",
    "datePublished": "2020-01-14T16:13:01",
    "dateReserved": "2014-10-03T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2771 (GCVE-0-2004-2771)

Vulnerability from cvelistv5 – Published: 2014-12-24 18:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://linux.oracle.com/errata/ELSA-2014-1999.html x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3105 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/61693 third-party-advisoryx_refsource_SECUNIA
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… x_refsource_CONFIRM
http://seclists.org/oss-sec/2014/q4/1066 mailing-listx_refsource_MLIST
http://secunia.com/advisories/60940 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61585 third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1999.html vendor-advisoryx_refsource_REDHAT
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
          },
          {
            "name": "DSA-3105",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3105"
          },
          {
            "name": "61693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
          },
          {
            "name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/1066"
          },
          {
            "name": "60940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60940"
          },
          {
            "name": "61585",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61585"
          },
          {
            "name": "RHSA-2014:1999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-24T17:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
        },
        {
          "name": "DSA-3105",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3105"
        },
        {
          "name": "61693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
        },
        {
          "name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/1066"
        },
        {
          "name": "60940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60940"
        },
        {
          "name": "61585",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61585"
        },
        {
          "name": "RHSA-2014:1999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2004-2771",
    "datePublished": "2014-12-24T18:00:00",
    "dateReserved": "2012-01-04T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7844 (GCVE-0-2014-7844)

Vulnerability from nvd – Published: 2020-01-14 16:13 – Updated: 2024-08-06 13:03
VLAI?
Summary
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
Severity ?
No CVSS data available.
CWE
  • Metacharacters
Assigner
References
Impacted products
Vendor Product Version
BSD mailx Affected: 8.1.2 and earlier
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/1066"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3104"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3105"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mailx",
          "vendor": "BSD",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.2 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2004-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Metacharacters",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T16:13:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/1066"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3104"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3105"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7844",
    "datePublished": "2020-01-14T16:13:01",
    "dateReserved": "2014-10-03T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2771 (GCVE-0-2004-2771)

Vulnerability from nvd – Published: 2014-12-24 18:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://linux.oracle.com/errata/ELSA-2014-1999.html x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3105 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/61693 third-party-advisoryx_refsource_SECUNIA
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… x_refsource_CONFIRM
http://seclists.org/oss-sec/2014/q4/1066 mailing-listx_refsource_MLIST
http://secunia.com/advisories/60940 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61585 third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1999.html vendor-advisoryx_refsource_REDHAT
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
          },
          {
            "name": "DSA-3105",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3105"
          },
          {
            "name": "61693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
          },
          {
            "name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/1066"
          },
          {
            "name": "60940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60940"
          },
          {
            "name": "61585",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61585"
          },
          {
            "name": "RHSA-2014:1999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-24T17:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
        },
        {
          "name": "DSA-3105",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3105"
        },
        {
          "name": "61693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
        },
        {
          "name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/1066"
        },
        {
          "name": "60940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60940"
        },
        {
          "name": "61585",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61585"
        },
        {
          "name": "RHSA-2014:1999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2004-2771",
    "datePublished": "2014-12-24T18:00:00",
    "dateReserved": "2012-01-04T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}