Vulnerabilities related to cvs - cvs
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2024-11-20 23:33
Severity ?
Summary
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
Impacted products
Vendor Product Version
cvs cvs 1.10.8



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.",
      },
   ],
   id: "CVE-2000-0679",
   lastModified: "2024-11-20T23:33:02.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2000-10-20T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/1523",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/1523",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
cve@mitre.org http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
cve@mitre.org http://marc.info/?l=bugtraq&m=108716553923643&w=2
cve@mitre.org http://security.e-matters.de/advisories/092004.html
cve@mitre.org http://security.gentoo.org/glsa/glsa-200406-06.xml
cve@mitre.org http://www.debian.org/security/2004/dsa-519 Patch, Vendor Advisory
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-233.html
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108716553923643&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.e-matters.de/advisories/092004.html
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200406-06.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-519 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-233.html
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12.1
cvs cvs 1.12.2
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.12.8
openpkg openpkg *
openpkg openpkg 1.3
openpkg openpkg 2.0
sgi propack 2.4
sgi propack 3.0
gentoo linux 1.4
openbsd openbsd *
openbsd openbsd 3.4
openbsd openbsd 3.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "766053F7-A174-4716-BF49-76B50FC79FD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAEC4477-D040-450E-A850-8B03C937A600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2848AA51-9AF1-448D-955F-50B5203F7229",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B66BE64-E340-4777-B877-483FEAA66988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F74941A0-97CA-44D4-B55B-9224F051D40F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario.",
      },
   ],
   id: "CVE-2004-0416",
   lastModified: "2024-11-20T23:48:32.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-06T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-519",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-519",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12.1
cvs cvs 1.12.2
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.12.8
openpkg openpkg 1.3
openpkg openpkg 2.0
openpkg openpkg current
sgi propack 2.4
sgi propack 3.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.0
freebsd freebsd 2.0.5
freebsd freebsd 2.1.0
freebsd freebsd 2.1.5
freebsd freebsd 2.1.6
freebsd freebsd 2.1.6.1
freebsd freebsd 2.1.7.1
freebsd freebsd 2.2
freebsd freebsd 2.2.2
freebsd freebsd 2.2.3
freebsd freebsd 2.2.4
freebsd freebsd 2.2.5
freebsd freebsd 2.2.6
freebsd freebsd 2.2.8
freebsd freebsd 3.0
freebsd freebsd 3.0
freebsd freebsd 3.1
freebsd freebsd 3.2
freebsd freebsd 3.3
freebsd freebsd 3.4
freebsd freebsd 3.5
freebsd freebsd 3.5
freebsd freebsd 3.5.1
freebsd freebsd 3.5.1
freebsd freebsd 3.5.1
freebsd freebsd 4.0
freebsd freebsd 4.0
freebsd freebsd 4.0
freebsd freebsd 4.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1.1
freebsd freebsd 4.2
freebsd freebsd 4.2
freebsd freebsd 4.3
freebsd freebsd 4.3
freebsd freebsd 4.3
freebsd freebsd 4.3
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.4
freebsd freebsd 4.4
freebsd freebsd 4.4
freebsd freebsd 4.5
freebsd freebsd 4.5
freebsd freebsd 4.5
freebsd freebsd 4.5
freebsd freebsd 4.5
freebsd freebsd 4.6
freebsd freebsd 4.6
freebsd freebsd 4.6
freebsd freebsd 4.6
freebsd freebsd 4.6
freebsd freebsd 4.6.2
freebsd freebsd 4.7
freebsd freebsd 4.7
freebsd freebsd 4.7
freebsd freebsd 4.7
freebsd freebsd 4.7
freebsd freebsd 4.8
freebsd freebsd 4.8
freebsd freebsd 4.8
freebsd freebsd 4.8
freebsd freebsd 4.9
freebsd freebsd 4.9
freebsd freebsd 4.9
freebsd freebsd 4.10
freebsd freebsd 4.10
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 5.0
freebsd freebsd 5.0
freebsd freebsd 5.0
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.2
freebsd freebsd 5.2.1
freebsd freebsd 5.2.1
gentoo linux 1.4
openbsd openbsd 3.4
openbsd openbsd 3.5
openbsd openbsd current



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "766053F7-A174-4716-BF49-76B50FC79FD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAEC4477-D040-450E-A850-8B03C937A600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2848AA51-9AF1-448D-955F-50B5203F7229",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B66BE64-E340-4777-B877-483FEAA66988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
                     matchCriteriaId: "D342447B-5233-45FD-B1CF-8D84921402AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C496B665-70DA-4B98-A5D1-E2935C0CE840",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1F098C1-D09E-49B4-9B51-E84B6C4EA6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "34797660-41F5-4358-B70F-2A40DE48F182",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4054D69F-596F-4EB4-BE9A-E2478343F55A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA26ABBE-9973-45FA-9E9B-82170B751219",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7891202C-62AF-4590-9E5F-3514FDA2B38E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF8F9B2F-E898-4F87-A245-32A41748587B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "183667CA-6DF1-4BFB-AE32-9ABF55B7283A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBDDEC3F-52EB-4E1E-84C4-B472600059EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B58E02AE-38B4-466E-BF73-2F0B80AF7BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3928D5CF-6FC0-434C-8A80-ABDBF346C2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "314BA420-4C74-4060-8ACE-D7A7C041CF2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EAD7613-A5B3-4621-B981-290C7C6B8BA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1CA3337-9BEE-49C5-9EDE-8CDBE5580537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE38C50A-81FE-412E-9717-3672FAE6A6F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
                     matchCriteriaId: "A0A3F7B6-2878-40C0-B59C-EBA8D171D2F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "263F3734-7076-4EA8-B4C0-F37CFC4E979E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0419DD66-FF66-48BC-AD3B-F6AFD0551E36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3518628-08E5-4AD7-AAF6-A4E38F1CDE2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B982342C-1981-4C55-8044-AFE4D87623DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "47E02BE6-4800-4940-B269-385B66AC5077",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.5:stable:*:*:*:*:*:*",
                     matchCriteriaId: "0EB09993-B837-4352-B09D-3656F62638A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C283AD7-1C58-4CE8-A6CD-502FFE0B18BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
                     matchCriteriaId: "0361EA35-FBD7-4E8F-8625-C8100ED7BB7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:3.5.1:stable:*:*:*:*:*:*",
                     matchCriteriaId: "29EAA113-2404-4ABB-826B-3AA2AA858D02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0A585A1-FF82-418F-90F8-072458DB7816",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "E3F7EB61-55A5-4776-B0E7-3508920A6CEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
                     matchCriteriaId: "A442DE97-4485-4D95-B95D-58947585E455",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE31DFF8-06AB-489D-A0C5-509C090283B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
                     matchCriteriaId: "1E8A6564-129A-4555-A5ED-6F65C56AE7B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
                     matchCriteriaId: "237174A4-E030-4A0B-AD0B-5C463603EAA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF49BF03-C25E-4737-84D5-892895C86C58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
                     matchCriteriaId: "5D7F8F11-1869-40E2-8478-28B4E946D3CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2019E0E-426B-43AF-8904-1B811AE171E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
                     matchCriteriaId: "9062BAB5-D437-49BE-A384-39F62434B70B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*",
                     matchCriteriaId: "3BA1504C-14FE-4C21-A801-944041F2946F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
                     matchCriteriaId: "21B69535-4FB6-4FAD-AAA6-C790FF82EFAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
                     matchCriteriaId: "6E53C673-9D6D-42C8-A502-033E1FC28D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "55C5FC1A-1253-4390-A4FC-573BB14EA937",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*",
                     matchCriteriaId: "6F4AC452-6042-409D-8673-ACAD108EE3B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
                     matchCriteriaId: "2FE1009B-371A-48E2-A456-935A1F0B7D0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
                     matchCriteriaId: "C844A170-B5A7-4703-AF3B-67366D44EA8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
                     matchCriteriaId: "3D41CB12-7894-4D25-80EC-23C56171D973",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*",
                     matchCriteriaId: "9BCD9C12-EDAB-473F-9CC5-04F06B413720",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*",
                     matchCriteriaId: "58EBC5C8-5CA8-4881-A036-179FDEBA3CA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
                     matchCriteriaId: "09789843-6A1A-4CDB-97E8-89E82B79DDB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
                     matchCriteriaId: "118211EF-CED7-4EB5-9669-F54C8169D4AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*",
                     matchCriteriaId: "58288F0F-B4CE-445C-AD93-DA73E3AD6FC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*",
                     matchCriteriaId: "CC96FBA9-6A65-4CC7-BE68-ADAF450ABE21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
                     matchCriteriaId: "9A405AE2-ECC4-4BB0-80DD-4736394FB217",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AB4AD26-6AF2-4F3A-B602-F231FAABA73E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
                     matchCriteriaId: "E5612FB0-8403-4A7E-B89A-D7BDFAC00078",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*",
                     matchCriteriaId: "FA699BB4-94AA-40E6-A6B6-33E3D416CDA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*",
                     matchCriteriaId: "AFDA151E-E614-4A24-A34D-B6D5309110CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
                     matchCriteriaId: "A7818E11-1BEB-4DAA-BA7A-A278454BA4B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
                     matchCriteriaId: "09BFA20B-2F31-4246-8F74-63DF1DB884EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*",
                     matchCriteriaId: "5F3B4BA2-8A61-4F9A-8E46-7FA80E7F5514",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
                     matchCriteriaId: "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "00EAEA17-033A-4A50-8E39-D61154876D2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
                     matchCriteriaId: "4AE93D3D-34B4-47B7-A784-61F4479FF5A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*",
                     matchCriteriaId: "E6288144-0CD7-45B6-B5A7-09B1DF14FBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FFD9D1C-A459-47AD-BC62-15631417A32F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*",
                     matchCriteriaId: "4ECDEC87-0132-46B6-BD9B-A94F9B669EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*",
                     matchCriteriaId: "43E84296-9B5C-4623-A2C4-431D76FC2765",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3B13D898-C1B6-44B9-8432-7DDB8A380E9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*",
                     matchCriteriaId: "51A612F6-E4EB-4E34-8F55-79E16C74758E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*",
                     matchCriteriaId: "5C19B266-8FE7-49ED-8678-2D522257491D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "15C4D826-A419-45F5-B91C-1445DB480916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
                     matchCriteriaId: "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*",
                     matchCriteriaId: "FEC7B38F-C6FB-4213-AE18-2D039A4D8E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
                     matchCriteriaId: "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD7C441E-444B-4DF5-8491-86805C70FB99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
                     matchCriteriaId: "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*",
                     matchCriteriaId: "8E4BC012-ADE4-468F-9A25-261CD8055694",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*",
                     matchCriteriaId: "0370727F-1E37-4B82-8969-A2AC644632E8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.",
      },
   ],
   evaluatorImpact: "Failed exploit attempts will likely cause a denial of service condition.",
   id: "CVE-2004-1471",
   lastModified: "2024-11-20T23:50:57.937",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:H/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/10499",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/10499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
References
cve@mitre.org | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc | Patch, Vendor Advisory
cve@mitre.org | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
cve@mitre.org | http://marc.info/?l=bugtraq&m=108636445031613&w=2
cve@mitre.org | http://secunia.com/advisories/11368
cve@mitre.org | http://secunia.com/advisories/11371
cve@mitre.org | http://secunia.com/advisories/11374
cve@mitre.org | http://secunia.com/advisories/11375
cve@mitre.org | http://secunia.com/advisories/11377
cve@mitre.org | http://secunia.com/advisories/11380
cve@mitre.org | http://secunia.com/advisories/11391
cve@mitre.org | http://secunia.com/advisories/11400
cve@mitre.org | http://secunia.com/advisories/11405
cve@mitre.org | http://secunia.com/advisories/11548
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200404-13.xml
cve@mitre.org | http://www.debian.org/security/2004/dsa-486 | Patch, Vendor Advisory
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:028
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-153.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-154.html | Patch, Vendor Advisory
cve@mitre.org | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15864
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108636445031613&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11368
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11371
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11374
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11375
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11377
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11380
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11391
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11400
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11405
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11548
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200404-13.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-486 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:028
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-153.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-154.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15864
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462
Impacted products
Vendor Product Version
cvs cvs *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F6FCAEE-A0CB-4D8C-A160-F7A1247E9A64",
                     versionEndIncluding: "1.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.",
      },
   ],
   id: "CVE-2004-0180",
   lastModified: "2024-11-20T23:47:56.730",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-06-01T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11368",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11371",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11374",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11375",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11377",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11380",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11391",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11400",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11405",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11548",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-486",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-153.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-154.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11371",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11375",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11377",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11380",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11391",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11400",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11405",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11548",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-486",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-153.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-154.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2024-11-20 23:33
Severity ?
Summary
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
Impacted products
Vendor Product Version
cvs cvs 1.10.8



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.",
      },
   ],
   id: "CVE-2000-0680",
   lastModified: "2024-11-20T23:33:03.103",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2000-10-20T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/1524",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/1524",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
Impacted products
Vendor Product Version
cvs cvs 1.10
cvs cvs 1.10.6
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A305C6F7-35DA-48E2-B345-14671629226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).",
      },
   ],
   id: "CVE-2004-1343",
   lastModified: "2024-11-20T23:50:39.053",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2005/dsa-715",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2005/dsa-715",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-04-18 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
References
secalert@redhat.com http://bugs.gentoo.org/attachment.cgi?id=54352&action=view Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/14976/ Patch, Vendor Advisory
secalert@redhat.com http://www.debian.org/security/2005/dsa-742
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml Patch, Vendor Advisory
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_24_cvs.html Patch, Vendor Advisory
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-387.html Patch, Vendor Advisory
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/20148
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/attachment.cgi?id=54352&action=view Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14976/ Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-742
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_24_cvs.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-387.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/20148
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688
Impacted products
Vendor Product Version
cvs cvs 1.10
cvs cvs 1.10.6
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A305C6F7-35DA-48E2-B345-14671629226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.",
      },
   ],
   id: "CVE-2005-0753",
   lastModified: "2024-11-20T23:55:49.790",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-04-18T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14976/",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-742",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2005_24_cvs.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-387.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14976/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2005_24_cvs.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-387.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-08-26 15:50
Modified
2024-11-21 00:00
Severity ?
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
References
secalert@redhat.com ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
secalert@redhat.com http://secunia.com/advisories/16765
secalert@redhat.com http://securitytracker.com/id?1014857
secalert@redhat.com http://www.debian.org/security/2005/dsa-802
secalert@redhat.com http://www.debian.org/security/2005/dsa-806
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-756.html
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1667
secalert@redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366 Patch
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16765
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014857
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-802
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-806
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-756.html
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1667
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366 Patch
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835
Impacted products
Vendor Product Version
cvs cvs 1.12.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "172E2DD8-4493-486E-AE72-A19ED2BE5EDA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.",
      },
   ],
   id: "CVE-2005-2693",
   lastModified: "2024-11-21T00:00:10.097",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-08-26T15:50:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16765",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1014857",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-802",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-806",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-756.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1667",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16765",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014857",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-802",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-806",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-756.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1667",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
         lastModified: "2007-03-14T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-05-29 20:55
Modified
2024-11-21 01:35
Severity ?
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0321.html
secalert@redhat.com http://secunia.com/advisories/47869 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/48063 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/48142 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/48150
secalert@redhat.com http://ubuntu.com/usn/usn-1371-1
secalert@redhat.com http://www.debian.org/security/2012/dsa-2407
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2012:044
secalert@redhat.com http://www.osvdb.org/78987
secalert@redhat.com http://www.securityfocus.com/bid/51943
secalert@redhat.com http://www.securitytracker.com/id?1026719
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=784141
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/73097
secalert@redhat.com https://security.gentoo.org/glsa/201701-44
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0321.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/47869 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48063 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48142 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48150
af854a3a-2127-422b-91ae-364da2661108 http://ubuntu.com/usn/usn-1371-1
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2012/dsa-2407
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2012:044
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/78987
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/51943
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1026719
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=784141
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/73097
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201701-44
Impacted products
Vendor Product Version
cvs cvs 1.11
cvs cvs 1.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer basado en memoria dinámica en la función proxy_connect en src/client.c en CVS v1.11 y v1.12 permite a los servidores proxy HTTP remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una respuesta HTTP manipulada.",
      },
   ],
   id: "CVE-2012-0804",
   lastModified: "2024-11-21T01:35:45.457",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-05-29T20:55:06.867",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0321.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/47869",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/48063",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/48142",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48150",
      },
      {
         source: "secalert@redhat.com",
         url: "http://ubuntu.com/usn/usn-1371-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2012/dsa-2407",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.osvdb.org/78987",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/51943",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1026719",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=784141",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201701-44",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0321.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/47869",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/48063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/48142",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48150",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://ubuntu.com/usn/usn-1371-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2012/dsa-2407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/78987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/51943",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1026719",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=784141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201701-44",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
cve@mitre.org http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
cve@mitre.org http://marc.info/?l=bugtraq&m=108716553923643&w=2
cve@mitre.org http://security.e-matters.de/advisories/092004.html
cve@mitre.org http://security.gentoo.org/glsa/glsa-200406-06.xml Vendor Advisory
cve@mitre.org http://www.debian.org/security/2004/dsa-517 Patch, Vendor Advisory
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-233.html
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108716553923643&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.e-matters.de/advisories/092004.html
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200406-06.xml Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-517 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-233.html
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12.1
cvs cvs 1.12.2
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.12.8
openpkg openpkg *
openpkg openpkg 1.3
openpkg openpkg 2.0
sgi propack 2.4
sgi propack 3.0
gentoo linux 1.4
openbsd openbsd *
openbsd openbsd 3.4
openbsd openbsd 3.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "766053F7-A174-4716-BF49-76B50FC79FD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAEC4477-D040-450E-A850-8B03C937A600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2848AA51-9AF1-448D-955F-50B5203F7229",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B66BE64-E340-4777-B877-483FEAA66988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F74941A0-97CA-44D4-B55B-9224F051D40F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.",
      },
      {
         lang: "es",
         value: "CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas \"Entry\" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejecución de código arbitrario.",
      },
   ],
   id: "CVE-2004-0414",
   lastModified: "2024-11-20T23:48:32.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-06T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-517",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
References
cve@mitre.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc Patch, Vendor Advisory
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc Patch, Vendor Advisory
cve@mitre.org http://marc.info/?l=bugtraq&m=108636445031613&w=2
cve@mitre.org http://security.gentoo.org/glsa/glsa-200404-13.xml
cve@mitre.org http://www.debian.org/security/2004/dsa-486 Patch, Vendor Advisory
cve@mitre.org http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/15891
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108636445031613&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200404-13.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-486 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/15891
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818
Impacted products
Vendor Product Version
cvs cvs *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F6FCAEE-A0CB-4D8C-A160-F7A1247E9A64",
                     versionEndIncluding: "1.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.",
      },
   ],
   id: "CVE-2004-0405",
   lastModified: "2024-11-20T23:48:31.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-06-01T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-486",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-486",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-01-05 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
cve@mitre.orghttp://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1Patch
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107168035515554&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107540163908129&w=2
cve@mitre.orghttp://secunia.com/advisories/10601
cve@mitre.orghttp://www.debian.org/security/2004/dsa-422Patch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2003:112
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-003.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-004.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/13929
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
af854a3a-2127-422b-91ae-364da2661108http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1Patch
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107168035515554&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107540163908129&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10601
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-422Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-003.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-004.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
slackware slackware_linux 8.1
slackware slackware_linux 9.0
slackware slackware_linux 9.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad desconocida en servidores CVS anteriores a 1.11.10 puede permitir a atacantes causar que el servidor CVS cree directorios y ficheros en el directorio raíz del sistema de ficheros.",
      },
   ],
   id: "CVE-2003-0977",
   lastModified: "2024-11-20T23:46:01.820",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-01-05T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
      },
      {
         source: "cve@mitre.org",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=107168035515554&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=107540163908129&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/10601",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-422",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-003.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-004.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=107168035515554&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=107540163908129&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/10601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-422",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-06-14 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
References
cve@mitre.org ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
cve@mitre.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
cve@mitre.org http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
cve@mitre.org http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
cve@mitre.org http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
cve@mitre.org http://marc.info/?l=bugtraq&m=108498454829020&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=108500040719512&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=108636445031613&w=2
cve@mitre.org http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
cve@mitre.org http://secunia.com/advisories/11641
cve@mitre.org http://secunia.com/advisories/11647
cve@mitre.org http://secunia.com/advisories/11651
cve@mitre.org http://secunia.com/advisories/11652
cve@mitre.org http://secunia.com/advisories/11674
cve@mitre.org http://security.e-matters.de/advisories/072004.html
cve@mitre.org http://security.gentoo.org/glsa/glsa-200405-12.xml
cve@mitre.org http://www.ciac.org/ciac/bulletins/o-147.shtml
cve@mitre.org http://www.debian.org/security/2004/dsa-505 Patch, Vendor Advisory
cve@mitre.org http://www.kb.cert.org/vuls/id/192038 Patch, Third Party Advisory, US Government Resource
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
cve@mitre.org http://www.osvdb.org/6305
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-190.html Patch, Vendor Advisory
cve@mitre.org http://www.securityfocus.com/bid/10384
cve@mitre.org http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
cve@mitre.org http://www.us-cert.gov/cas/techalerts/TA04-147A.html US Government Resource
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
af854a3a-2127-422b-91ae-364da2661108 http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108498454829020&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108500040719512&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108636445031613&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11641
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11647
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11651
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11652
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11674
af854a3a-2127-422b-91ae-364da2661108 http://security.e-matters.de/advisories/072004.html
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200405-12.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.ciac.org/ciac/bulletins/o-147.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-505 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/192038 Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/6305
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-190.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/10384
af854a3a-2127-422b-91ae-364da2661108 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA04-147A.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970
Impacted products
Vendor Product Version
cvs cvs 1.11
cvs cvs 1.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer basado en el montículo (heap) en CVS 1.11.x hasta 1.11.15 y 1.12.x hasta 1.12.7, cuando se usa el mecanismo pserver, permite a atacantes remotos ejecutar código arbitrario mediante líneas Entry.",
      },
   ],
   id: "CVE-2004-0396",
   lastModified: "2024-11-20T23:48:29.723",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-06-14T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108498454829020&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108500040719512&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11641",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11647",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11651",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11652",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11674",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.e-matters.de/advisories/072004.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200405-12.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ciac.org/ciac/bulletins/o-147.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-505",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/192038",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/6305",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-190.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/10384",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-147A.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108498454829020&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108500040719512&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11641",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11647",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11651",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11652",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11674",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.e-matters.de/advisories/072004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200405-12.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/o-147.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/192038",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/6305",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-190.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/10384",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-147A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
cve@mitre.org http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
cve@mitre.org http://marc.info/?l=bugtraq&m=108716553923643&w=2
cve@mitre.org http://security.e-matters.de/advisories/092004.html
cve@mitre.org http://security.gentoo.org/glsa/glsa-200406-06.xml Vendor Advisory
cve@mitre.org http://www.debian.org/security/2004/dsa-519 Patch, Vendor Advisory
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-233.html
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108716553923643&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.e-matters.de/advisories/092004.html
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200406-06.xml Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-519 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-233.html
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12.1
cvs cvs 1.12.2
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.12.8
openpkg openpkg *
openpkg openpkg 1.3
openpkg openpkg 2.0
sgi propack 2.4
sgi propack 3.0
gentoo linux 1.4
openbsd openbsd *
openbsd openbsd 3.4
openbsd openbsd 3.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "766053F7-A174-4716-BF49-76B50FC79FD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAEC4477-D040-450E-A850-8B03C937A600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2848AA51-9AF1-448D-955F-50B5203F7229",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B66BE64-E340-4777-B877-483FEAA66988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F74941A0-97CA-44D4-B55B-9224F051D40F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data.",
      },
      {
         lang: "es",
         value: "serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente líneas de datos vacías, lo que puede permitir a atacantes remotos realizar una escritura \"fuera de límites\" en un solo byte para ejecutar código arbitrario o modificar datos críticos del programa.",
      },
   ],
   id: "CVE-2004-0418",
   lastModified: "2024-11-20T23:48:33.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-06T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-519",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-519",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2003-02-07 05:00
Modified
2024-11-20 23:43
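Severity HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the nvd@nist.gov metrics in the record below)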
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
References
cve@mitre.org http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
cve@mitre.org http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 [Broken Link]
cve@mitre.org http://marc.info/?l=bugtraq&m=104333092200589&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=104342550612736&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=104428571204468&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=104438807203491&w=2
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2003-013.html [Patch, Vendor Advisory]
cve@mitre.org http://security.e-matters.de/advisories/012003.html [Patch, Vendor Advisory]
cve@mitre.org http://www.cert.org/advisories/CA-2003-02.html [US Government Resource]
cve@mitre.org http://www.ciac.org/ciac/bulletins/n-032.shtml
cve@mitre.org http://www.debian.org/security/2003/dsa-233
cve@mitre.org http://www.kb.cert.org/vuls/id/650937 [Third Party Advisory, US Government Resource]
cve@mitre.org http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2003-012.html
cve@mitre.org http://www.securityfocus.com/bid/6650
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
af854a3a-2127-422b-91ae-364da2661108 http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 [Broken Link]
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104333092200589&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104342550612736&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104428571204468&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104438807203491&w=2
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2003-013.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://security.e-matters.de/advisories/012003.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.cert.org/advisories/CA-2003-02.html [US Government Resource]
af854a3a-2127-422b-91ae-364da2661108 http://www.ciac.org/ciac/bulletins/n-032.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2003/dsa-233
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/650937 [Third Party Advisory, US Government Resource]
af854a3a-2127-422b-91ae-364da2661108 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2003-012.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/6650
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
Impacted products
Vendor Product Version
freebsd freebsd 4.4
freebsd freebsd 4.5
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.0
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "55C5FC1A-1253-4390-A4FC-573BB14EA937",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEA5C320-0306-4A15-9AB0-4DCD01F103DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de doble liberación de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog.",
      },
   ],
   id: "CVE-2003-0015",
   lastModified: "2024-11-20T23:43:44.333",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2003-02-07T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=104333092200589&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=104342550612736&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=104428571204468&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=104438807203491&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2003-013.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://security.e-matters.de/advisories/012003.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2003-02.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ciac.org/ciac/bulletins/n-032.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2003/dsa-233",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/650937",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-012.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6650",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=104333092200589&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=104342550612736&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=104428571204468&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=104438807203491&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2003-013.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://security.e-matters.de/advisories/012003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2003-02.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/n-032.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2003/dsa-233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/650937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-04-27 04:00
Modified
2024-11-20 23:50
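Severity HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the nvd@nist.gov metrics in the record below)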
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
Impacted products
Vendor Product Version
cvs cvs 1.10
cvs cvs 1.10.6
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A305C6F7-35DA-48E2-B345-14671629226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.",
      },
   ],
   id: "CVE-2004-1342",
   lastModified: "2024-11-20T23:50:38.923",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-04-27T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2005/dsa-715",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2005/dsa-715",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
cve@mitre.org http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
cve@mitre.org http://marc.info/?l=bugtraq&m=108716553923643&w=2
cve@mitre.org http://security.e-matters.de/advisories/092004.html
cve@mitre.org http://security.gentoo.org/glsa/glsa-200406-06.xml [Vendor Advisory]
cve@mitre.org http://www.debian.org/security/2004/dsa-519 [Patch, Vendor Advisory]
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-233.html
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108716553923643&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.e-matters.de/advisories/092004.html
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200406-06.xml [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-519 [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-233.html
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
cvs cvs 1.11.10
cvs cvs 1.11.11
cvs cvs 1.11.14
cvs cvs 1.11.15
cvs cvs 1.11.16
cvs cvs 1.12.1
cvs cvs 1.12.2
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.12.8
openpkg openpkg *
openpkg openpkg 1.3
openpkg openpkg 2.0
sgi propack 2.4
sgi propack 3.0
gentoo linux 1.4
openbsd openbsd *
openbsd openbsd 3.4
openbsd openbsd 3.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B53C85-AA0E-40DD-B477-058586197714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D2748A8-5047-4338-A08E-986497AE4B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1163535-583A-4504-BE7B-8919143CDF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "766053F7-A174-4716-BF49-76B50FC79FD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAEC4477-D040-450E-A850-8B03C937A600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2848AA51-9AF1-448D-955F-50B5203F7229",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B66BE64-E340-4777-B877-483FEAA66988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F74941A0-97CA-44D4-B55B-9224F051D40F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.",
      },
      {
         lang: "es",
         value: "Desbordamiento de enteros en la orden de protocolo CVS \"Max-dotdot\" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una caída del servidor, lo que podría hacer que datos temporales permanezcan sin borrar y consuman espacio en disco.",
      },
   ],
   id: "CVE-2004-0417",
   lastModified: "2024-11-20T23:48:32.843",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-06T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-519",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.e-matters.de/advisories/092004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2004/dsa-519",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
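CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
Note: the CPE match in the record below uses versionEndIncluding "1.10.8", so the configuration data also counts 1.10.8 itself as vulnerable, whereas this summary says "before 1.10.8". Check the referenced vendor advisories before treating 1.10.8 as fixed.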
Impacted products
Vendor Product Version
cvs cvs *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8716B52E-5846-4A35-A12B-001DCFBE92A0",
                     versionEndIncluding: "1.10.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.",
      },
      {
         lang: "es",
         value: "CVS anterior a 1.10.8 no inicializa adecuadamente una variable global, lo que permite a atacantes remotos causar una denegación de servicio (caída del servidor) mediante la capacidad diff.",
      },
   ],
   id: "CVE-2002-0092",
   lastModified: "2024-11-20T23:38:17.527",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-03-15T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=vuln-dev&m=101422243817321&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=vuln-dev&m=101433077724524&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2002/dsa-117",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/8366.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2002-026.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/4234",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=vuln-dev&m=101422243817321&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=vuln-dev&m=101433077724524&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2002/dsa-117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/8366.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2002-026.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/4234",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2004-0180
Vulnerability from cvelistv5
Published
2004-04-16 04:00
Modified
2024-08-08 00:10
Severity ?
Summary
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
References
http://secunia.com/advisories/11548 | third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042 | vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462 | vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/11400 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/11375 | third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2004/dsa-486 | vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2004:028 | vendor-advisory, x_refsource_MANDRAKE
http://secunia.com/advisories/11368 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/11380 | third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/15864 | vdb-entry, x_refsource_XF
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch | x_refsource_CONFIRM
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 | vendor-advisory, x_refsource_SLACKWARE
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | vendor-advisory, x_refsource_SGI
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc | vendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/11374 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/11377 | third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200404-13.xml | vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/11371 | third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-153.html | vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=108636445031613&w=2 | vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/11405 | third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-154.html | vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/11391 | third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:10:03.820Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "11548",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11548",
               },
               {
                  name: "oval:org.mitre.oval:def:1042",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042",
               },
               {
                  name: "oval:org.mitre.oval:def:9462",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462",
               },
               {
                  name: "11400",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11400",
               },
               {
                  name: "11375",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11375",
               },
               {
                  name: "DSA-486",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-486",
               },
               {
                  name: "MDKSA-2004:028",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028",
               },
               {
                  name: "11368",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11368",
               },
               {
                  name: "11380",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11380",
               },
               {
                  name: "cvs-rcs-create-files(15864)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
               },
               {
                  name: "SSA:2004-108-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
               },
               {
                  name: "20040404-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
               },
               {
                  name: "FreeBSD-SA-04:07",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
               },
               {
                  name: "11374",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11374",
               },
               {
                  name: "11377",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11377",
               },
               {
                  name: "GLSA-200404-13",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
               },
               {
                  name: "11371",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11371",
               },
               {
                  name: "RHSA-2004:153",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-153.html",
               },
               {
                  name: "FEDORA-2004-1620",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
               },
               {
                  name: "11405",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11405",
               },
               {
                  name: "RHSA-2004:154",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-154.html",
               },
               {
                  name: "11391",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11391",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-04-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "11548",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11548",
            },
            {
               name: "oval:org.mitre.oval:def:1042",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042",
            },
            {
               name: "oval:org.mitre.oval:def:9462",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462",
            },
            {
               name: "11400",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11400",
            },
            {
               name: "11375",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11375",
            },
            {
               name: "DSA-486",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-486",
            },
            {
               name: "MDKSA-2004:028",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028",
            },
            {
               name: "11368",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11368",
            },
            {
               name: "11380",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11380",
            },
            {
               name: "cvs-rcs-create-files(15864)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
            },
            {
               name: "SSA:2004-108-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
            },
            {
               name: "20040404-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
            },
            {
               name: "FreeBSD-SA-04:07",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
            },
            {
               name: "11374",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11374",
            },
            {
               name: "11377",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11377",
            },
            {
               name: "GLSA-200404-13",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
            },
            {
               name: "11371",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11371",
            },
            {
               name: "RHSA-2004:153",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-153.html",
            },
            {
               name: "FEDORA-2004-1620",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
            },
            {
               name: "11405",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11405",
            },
            {
               name: "RHSA-2004:154",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-154.html",
            },
            {
               name: "11391",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11391",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0180",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "11548",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11548",
                  },
                  {
                     name: "oval:org.mitre.oval:def:1042",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9462",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462",
                  },
                  {
                     name: "11400",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11400",
                  },
                  {
                     name: "11375",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11375",
                  },
                  {
                     name: "DSA-486",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-486",
                  },
                  {
                     name: "MDKSA-2004:028",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028",
                  },
                  {
                     name: "11368",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11368",
                  },
                  {
                     name: "11380",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11380",
                  },
                  {
                     name: "cvs-rcs-create-files(15864)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864",
                  },
                  {
                     name: "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
                     refsource: "CONFIRM",
                     url: "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
                  },
                  {
                     name: "SSA:2004-108-02",
                     refsource: "SLACKWARE",
                     url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
                  },
                  {
                     name: "20040404-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
                  },
                  {
                     name: "FreeBSD-SA-04:07",
                     refsource: "FREEBSD",
                     url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
                  },
                  {
                     name: "11374",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11374",
                  },
                  {
                     name: "11377",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11377",
                  },
                  {
                     name: "GLSA-200404-13",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
                  },
                  {
                     name: "11371",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11371",
                  },
                  {
                     name: "RHSA-2004:153",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-153.html",
                  },
                  {
                     name: "FEDORA-2004-1620",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
                  },
                  {
                     name: "11405",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11405",
                  },
                  {
                     name: "RHSA-2004:154",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-154.html",
                  },
                  {
                     name: "11391",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11391",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0180",
      datePublished: "2004-04-16T04:00:00",
      dateReserved: "2004-02-25T00:00:00",
      dateUpdated: "2024-08-08T00:10:03.820Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2000-0679
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:28
Severity ?
Summary
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T05:28:41.109Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20000728 cvs security problem",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
               },
               {
                  name: "1523",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/1523",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2000-07-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-11-02T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20000728 cvs security problem",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
            },
            {
               name: "1523",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/1523",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2000-0679",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20000728 cvs security problem",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
                  },
                  {
                     name: "1523",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/1523",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2000-0679",
      datePublished: "2001-01-22T05:00:00",
      dateReserved: "2000-09-19T00:00:00",
      dateUpdated: "2024-08-08T05:28:41.109Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0416
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:14.603Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-519",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/092004.html",
               },
               {
                  name: "20040605-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
               },
               {
                  name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:10070",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070",
               },
               {
                  name: "RHSA-2004:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
               },
               {
                  name: "MDKSA-2004:058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
               },
               {
                  name: "GLSA-200406-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
               },
               {
                  name: "20040604-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
               },
               {
                  name: "oval:org.mitre.oval:def:994",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994",
               },
               {
                  name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-519",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/092004.html",
            },
            {
               name: "20040605-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
            },
            {
               name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:10070",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070",
            },
            {
               name: "RHSA-2004:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
            },
            {
               name: "MDKSA-2004:058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
            },
            {
               name: "GLSA-200406-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
            },
            {
               name: "20040604-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
            },
            {
               name: "oval:org.mitre.oval:def:994",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994",
            },
            {
               name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0416",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-519",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-519",
                  },
                  {
                     name: "http://security.e-matters.de/advisories/092004.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/092004.html",
                  },
                  {
                     name: "20040605-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
                  },
                  {
                     name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10070",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070",
                  },
                  {
                     name: "RHSA-2004:233",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
                  },
                  {
                     name: "MDKSA-2004:058",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
                  },
                  {
                     name: "GLSA-200406-06",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
                  },
                  {
                     name: "20040604-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
                  },
                  {
                     name: "oval:org.mitre.oval:def:994",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994",
                  },
                  {
                     name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0416",
      datePublished: "2004-06-11T04:00:00",
      dateReserved: "2004-04-16T00:00:00",
      dateUpdated: "2024-08-08T00:17:14.603Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0778
Vulnerability from cvelistv5
Published
2004-08-18 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.840Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "10955",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/10955",
               },
               {
                  name: "MDKSA-2004:108",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108",
               },
               {
                  name: "oval:org.mitre.oval:def:10688",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688",
               },
               {
                  name: "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_IDEFENSE",
                     "x_transferred",
                  ],
                  url: "http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities",
               },
               {
                  name: "cvs-history-info-disclosure(17001)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001",
               },
               {
                  name: "VU#579225",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/579225",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "10955",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/10955",
            },
            {
               name: "MDKSA-2004:108",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108",
            },
            {
               name: "oval:org.mitre.oval:def:10688",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688",
            },
            {
               name: "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
               tags: [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
               ],
               url: "http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities",
            },
            {
               name: "cvs-history-info-disclosure(17001)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001",
            },
            {
               name: "VU#579225",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/579225",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0778",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "10955",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/10955",
                  },
                  {
                     name: "MDKSA-2004:108",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10688",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688",
                  },
                  {
                     name: "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
                     refsource: "IDEFENSE",
                     url: "http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities",
                  },
                  {
                     name: "cvs-history-info-disclosure(17001)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001",
                  },
                  {
                     name: "VU#579225",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/579225",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0778",
      datePublished: "2004-08-18T04:00:00",
      dateReserved: "2004-08-11T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.840Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0414
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:14.669Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:10575",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/092004.html",
               },
               {
                  name: "20040605-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
               },
               {
                  name: "DSA-517",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-517",
               },
               {
                  name: "oval:org.mitre.oval:def:993",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993",
               },
               {
                  name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
               },
               {
                  name: "RHSA-2004:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
               },
               {
                  name: "MDKSA-2004:058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
               },
               {
                  name: "GLSA-200406-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
               },
               {
                  name: "20040604-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
               },
               {
                  name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:10575",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/092004.html",
            },
            {
               name: "20040605-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
            },
            {
               name: "DSA-517",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-517",
            },
            {
               name: "oval:org.mitre.oval:def:993",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993",
            },
            {
               name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
            },
            {
               name: "RHSA-2004:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
            },
            {
               name: "MDKSA-2004:058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
            },
            {
               name: "GLSA-200406-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
            },
            {
               name: "20040604-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
            },
            {
               name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0414",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:10575",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575",
                  },
                  {
                     name: "http://security.e-matters.de/advisories/092004.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/092004.html",
                  },
                  {
                     name: "20040605-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
                  },
                  {
                     name: "DSA-517",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-517",
                  },
                  {
                     name: "oval:org.mitre.oval:def:993",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993",
                  },
                  {
                     name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
                  },
                  {
                     name: "RHSA-2004:233",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
                  },
                  {
                     name: "MDKSA-2004:058",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
                  },
                  {
                     name: "GLSA-200406-06",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
                  },
                  {
                     name: "20040604-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
                  },
                  {
                     name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0414",
      datePublished: "2004-06-11T04:00:00",
      dateReserved: "2004-04-16T00:00:00",
      dateUpdated: "2024-08-08T00:17:14.669Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1342
Vulnerability from cvelistv5
Published
2005-04-27 04:00
Modified
2024-09-16 22:55
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
References
http://www.debian.org/security/2005/dsa-715 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:46:12.507Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-715",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-715",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-04-27T04:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-715",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-715",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1342",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-715",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2005/dsa-715",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1342",
      datePublished: "2005-04-27T04:00:00Z",
      dateReserved: "2005-01-06T00:00:00Z",
      dateUpdated: "2024-09-16T22:55:47.901Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0418
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:14.976Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-519",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/092004.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11242",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242",
               },
               {
                  name: "20040605-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
               },
               {
                  name: "oval:org.mitre.oval:def:1003",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003",
               },
               {
                  name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
               },
               {
                  name: "RHSA-2004:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
               },
               {
                  name: "MDKSA-2004:058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
               },
               {
                  name: "GLSA-200406-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
               },
               {
                  name: "20040604-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
               },
               {
                  name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-519",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/092004.html",
            },
            {
               name: "oval:org.mitre.oval:def:11242",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242",
            },
            {
               name: "20040605-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
            },
            {
               name: "oval:org.mitre.oval:def:1003",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003",
            },
            {
               name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
            },
            {
               name: "RHSA-2004:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
            },
            {
               name: "MDKSA-2004:058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
            },
            {
               name: "GLSA-200406-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
            },
            {
               name: "20040604-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
            },
            {
               name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0418",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-519",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-519",
                  },
                  {
                     name: "http://security.e-matters.de/advisories/092004.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/092004.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11242",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242",
                  },
                  {
                     name: "20040605-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
                  },
                  {
                     name: "oval:org.mitre.oval:def:1003",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003",
                  },
                  {
                     name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
                  },
                  {
                     name: "RHSA-2004:233",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
                  },
                  {
                     name: "MDKSA-2004:058",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
                  },
                  {
                     name: "GLSA-200406-06",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
                  },
                  {
                     name: "20040604-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc",
                  },
                  {
                     name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0418",
      datePublished: "2004-06-11T04:00:00",
      dateReserved: "2004-04-16T00:00:00",
      dateUpdated: "2024-08-08T00:17:14.976Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0092
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
Summary
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
References
http://www.securityfocus.com/bid/4234 — vdb-entry, x_refsource_BID
http://marc.info/?l=vuln-dev&m=101422243817321&w=2 — mailing-list, x_refsource_VULN-DEV
http://marc.info/?l=vuln-dev&m=101433077724524&w=2 — mailing-list, x_refsource_VULN-DEV
http://www.redhat.com/support/errata/RHSA-2002-026.html — vendor-advisory, x_refsource_REDHAT
http://www.iss.net/security_center/static/8366.php — vdb-entry, x_refsource_XF
http://www.debian.org/security/2002/dsa-117 — vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:35:17.572Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "4234",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/4234",
               },
               {
                  name: "20020220 Help needed with bufferoverflow in cvs",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULN-DEV",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=vuln-dev&m=101422243817321&w=2",
               },
               {
                  name: "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULN-DEV",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=vuln-dev&m=101433077724524&w=2",
               },
               {
                  name: "RHSA-2002:026",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-026.html",
               },
               {
                  name: "cvs-global-var-dos(8366)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/8366.php",
               },
               {
                  name: "DSA-117",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2002/dsa-117",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-02-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2002-06-16T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "4234",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/4234",
            },
            {
               name: "20020220 Help needed with bufferoverflow in cvs",
               tags: [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
               ],
               url: "http://marc.info/?l=vuln-dev&m=101422243817321&w=2",
            },
            {
               name: "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]",
               tags: [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
               ],
               url: "http://marc.info/?l=vuln-dev&m=101433077724524&w=2",
            },
            {
               name: "RHSA-2002:026",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-026.html",
            },
            {
               name: "cvs-global-var-dos(8366)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/8366.php",
            },
            {
               name: "DSA-117",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2002/dsa-117",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0092",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "4234",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/4234",
                  },
                  {
                     name: "20020220 Help needed with bufferoverflow in cvs",
                     refsource: "VULN-DEV",
                     url: "http://marc.info/?l=vuln-dev&m=101422243817321&w=2",
                  },
                  {
                     name: "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]",
                     refsource: "VULN-DEV",
                     url: "http://marc.info/?l=vuln-dev&m=101433077724524&w=2",
                  },
                  {
                     name: "RHSA-2002:026",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-026.html",
                  },
                  {
                     name: "cvs-global-var-dos(8366)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/8366.php",
                  },
                  {
                     name: "DSA-117",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2002/dsa-117",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0092",
      datePublished: "2002-06-25T04:00:00",
      dateReserved: "2002-03-08T00:00:00",
      dateUpdated: "2024-08-08T02:35:17.572Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-0804
Vulnerability from cvelistv5
Published
2012-05-29 20:00
Modified
2024-08-06 18:38
Severity ?
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
References
http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html — vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id?1026719 — vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/48150 — third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/73097 — vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2012-0321.html — vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2012:044 — vendor-advisory, x_refsource_MANDRIVA
http://www.osvdb.org/78987 — vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/48142 — third-party-advisory, x_refsource_SECUNIA
http://ubuntu.com/usn/usn-1371-1 — vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/47869 — third-party-advisory, x_refsource_SECUNIA
https://security.gentoo.org/glsa/201701-44 — vendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=784141 — x_refsource_MISC
http://www.debian.org/security/2012/dsa-2407 — vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/51943 — vdb-entry, x_refsource_BID
http://secunia.com/advisories/48063 — third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:38:14.402Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2012:0310",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html",
               },
               {
                  name: "1026719",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1026719",
               },
               {
                  name: "48150",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48150",
               },
               {
                  name: "cvs-proxyconnect-bo(73097)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097",
               },
               {
                  name: "RHSA-2012:0321",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0321.html",
               },
               {
                  name: "MDVSA-2012:044",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044",
               },
               {
                  name: "78987",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/78987",
               },
               {
                  name: "48142",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48142",
               },
               {
                  name: "USN-1371-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://ubuntu.com/usn/usn-1371-1",
               },
               {
                  name: "47869",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/47869",
               },
               {
                  name: "GLSA-201701-44",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201701-44",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=784141",
               },
               {
                  name: "DSA-2407",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2012/dsa-2407",
               },
               {
                  name: "51943",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/51943",
               },
               {
                  name: "48063",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48063",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-02-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-17T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openSUSE-SU-2012:0310",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html",
            },
            {
               name: "1026719",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1026719",
            },
            {
               name: "48150",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48150",
            },
            {
               name: "cvs-proxyconnect-bo(73097)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097",
            },
            {
               name: "RHSA-2012:0321",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0321.html",
            },
            {
               name: "MDVSA-2012:044",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044",
            },
            {
               name: "78987",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/78987",
            },
            {
               name: "48142",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48142",
            },
            {
               name: "USN-1371-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://ubuntu.com/usn/usn-1371-1",
            },
            {
               name: "47869",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/47869",
            },
            {
               name: "GLSA-201701-44",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201701-44",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=784141",
            },
            {
               name: "DSA-2407",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2012/dsa-2407",
            },
            {
               name: "51943",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/51943",
            },
            {
               name: "48063",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48063",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-0804",
      datePublished: "2012-05-29T20:00:00",
      dateReserved: "2012-01-19T00:00:00",
      dateUpdated: "2024-08-06T18:38:14.402Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0417
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:14.946Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:11145",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145",
               },
               {
                  name: "DSA-519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-519",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/092004.html",
               },
               {
                  name: "20040605-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
               },
               {
                  name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
               },
               {
                  name: "RHSA-2004:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
               },
               {
                  name: "MDKSA-2004:058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
               },
               {
                  name: "GLSA-200406-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:1001",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001",
               },
               {
                  name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:11145",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145",
            },
            {
               name: "DSA-519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-519",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/092004.html",
            },
            {
               name: "20040605-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
            },
            {
               name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
            },
            {
               name: "RHSA-2004:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
            },
            {
               name: "MDKSA-2004:058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
            },
            {
               name: "GLSA-200406-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
            },
            {
               name: "oval:org.mitre.oval:def:1001",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001",
            },
            {
               name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0417",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:11145",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145",
                  },
                  {
                     name: "DSA-519",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-519",
                  },
                  {
                     name: "http://security.e-matters.de/advisories/092004.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/092004.html",
                  },
                  {
                     name: "20040605-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc",
                  },
                  {
                     name: "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108716553923643&w=2",
                  },
                  {
                     name: "RHSA-2004:233",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-233.html",
                  },
                  {
                     name: "MDKSA-2004:058",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058",
                  },
                  {
                     name: "GLSA-200406-06",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200406-06.xml",
                  },
                  {
                     name: "oval:org.mitre.oval:def:1001",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001",
                  },
                  {
                     name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0417",
      datePublished: "2004-06-11T04:00:00",
      dateReserved: "2004-04-16T00:00:00",
      dateUpdated: "2024-08-08T00:17:14.946Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-0977
Vulnerability from cvelistv5
Published
2003-12-10 05:00
Modified
2024-08-08 02:12
Severity ?
Summary
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855 — vdb-entry, signature, x_refsource_OVAL
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc — vendor-advisory, x_refsource_SGI
http://marc.info/?l=bugtraq&m=107540163908129&w=2 — mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112 — vendor-advisory, x_refsource_MANDRAKE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866 — vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2004/dsa-422 — vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2004-003.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/10601 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528 — vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=107168035515554&w=2 — mailing-list, x_refsource_BUGTRAQ
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1 — x_refsource_CONFIRM
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc — vendor-advisory, x_refsource_SGI
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808 — vendor-advisory, x_refsource_CONECTIVA
http://www.redhat.com/support/errata/RHSA-2004-004.html — vendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929 — vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:12:35.454Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:855",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855",
               },
               {
                  name: "20040202-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
               },
               {
                  name: "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=107540163908129&w=2",
               },
               {
                  name: "MDKSA-2003:112",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112",
               },
               {
                  name: "oval:org.mitre.oval:def:866",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866",
               },
               {
                  name: "DSA-422",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-422",
               },
               {
                  name: "RHSA-2004:003",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-003.html",
               },
               {
                  name: "10601",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/10601",
               },
               {
                  name: "oval:org.mitre.oval:def:11528",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528",
               },
               {
                  name: "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=107168035515554&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
               },
               {
                  name: "20040103-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
               },
               {
                  name: "CLA-2004:808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CONECTIVA",
                     "x_transferred",
                  ],
                  url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808",
               },
               {
                  name: "RHSA-2004:004",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-004.html",
               },
               {
                  name: "cvs-module-file-manipulation(13929)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2003-12-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:855",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855",
            },
            {
               name: "20040202-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
            },
            {
               name: "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=107540163908129&w=2",
            },
            {
               name: "MDKSA-2003:112",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112",
            },
            {
               name: "oval:org.mitre.oval:def:866",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866",
            },
            {
               name: "DSA-422",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-422",
            },
            {
               name: "RHSA-2004:003",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-003.html",
            },
            {
               name: "10601",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/10601",
            },
            {
               name: "oval:org.mitre.oval:def:11528",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528",
            },
            {
               name: "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=107168035515554&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
            },
            {
               name: "20040103-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
            },
            {
               name: "CLA-2004:808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
               ],
               url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808",
            },
            {
               name: "RHSA-2004:004",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-004.html",
            },
            {
               name: "cvs-module-file-manipulation(13929)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-0977",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:855",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855",
                  },
                  {
                     name: "20040202-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
                  },
                  {
                     name: "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=107540163908129&w=2",
                  },
                  {
                     name: "MDKSA-2003:112",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112",
                  },
                  {
                     name: "oval:org.mitre.oval:def:866",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866",
                  },
                  {
                     name: "DSA-422",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-422",
                  },
                  {
                     name: "RHSA-2004:003",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-003.html",
                  },
                  {
                     name: "10601",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/10601",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11528",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528",
                  },
                  {
                     name: "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=107168035515554&w=2",
                  },
                  {
                     name: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
                     refsource: "CONFIRM",
                     url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
                  },
                  {
                     name: "20040103-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
                  },
                  {
                     name: "CLA-2004:808",
                     refsource: "CONECTIVA",
                     url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808",
                  },
                  {
                     name: "RHSA-2004:004",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-004.html",
                  },
                  {
                     name: "cvs-module-file-manipulation(13929)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-0977",
      datePublished: "2003-12-10T05:00:00",
      dateReserved: "2003-12-09T00:00:00",
      dateUpdated: "2024-08-08T02:12:35.454Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-0015
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:36
Severity ?
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
References
http://www.redhat.com/support/errata/RHSA-2003-012.html — vendor-advisory, x_refsource_REDHAT
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 — x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=104342550612736&w=2 — mailing-list, x_refsource_BUGTRAQ
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009 — vendor-advisory, x_refsource_MANDRAKE
http://marc.info/?l=bugtraq&m=104438807203491&w=2 — vendor-advisory, x_refsource_FREEBSD
http://www.securityfocus.com/bid/6650 — vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108 — vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=104333092200589&w=2 — mailing-list, x_refsource_BUGTRAQ
http://rhn.redhat.com/errata/RHSA-2003-013.html — vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=104428571204468&w=2 — mailing-list, x_refsource_BUGTRAQ
http://www.debian.org/security/2003/dsa-233 — vendor-advisory, x_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/650937 — third-party-advisory, x_refsource_CERT-VN
http://security.e-matters.de/advisories/012003.html — x_refsource_MISC
http://www.cert.org/advisories/CA-2003-02.html — third-party-advisory, x_refsource_CERT
http://www.ciac.org/ciac/bulletins/n-032.shtml — third-party-advisory, government-resource, x_refsource_CIAC
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html — mailing-list, x_refsource_VULNWATCH
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:36:25.368Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2003:012",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-012.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
               },
               {
                  name: "20030124 Test program for CVS double-free.",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=104342550612736&w=2",
               },
               {
                  name: "MDKSA-2003:009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009",
               },
               {
                  name: "FreeBSD-SA-03:01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=104438807203491&w=2",
               },
               {
                  name: "6650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/6650",
               },
               {
                  name: "cvs-doublefree-memory-corruption(11108)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108",
               },
               {
                  name: "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=104333092200589&w=2",
               },
               {
                  name: "RHSA-2003:013",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2003-013.html",
               },
               {
                  name: "20030202 Exploit for CVS double free() for Linux pserver",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=104428571204468&w=2",
               },
               {
                  name: "DSA-233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2003/dsa-233",
               },
               {
                  name: "VU#650937",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/650937",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/012003.html",
               },
               {
                  name: "CA-2003-02",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.cert.org/advisories/CA-2003-02.html",
               },
               {
                  name: "N-032",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/n-032.shtml",
               },
               {
                  name: "20030120 Advisory 01/2003: CVS remote vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2003-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-11-29T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2003:012",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-012.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
            },
            {
               name: "20030124 Test program for CVS double-free.",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=104342550612736&w=2",
            },
            {
               name: "MDKSA-2003:009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009",
            },
            {
               name: "FreeBSD-SA-03:01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "http://marc.info/?l=bugtraq&m=104438807203491&w=2",
            },
            {
               name: "6650",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/6650",
            },
            {
               name: "cvs-doublefree-memory-corruption(11108)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108",
            },
            {
               name: "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=104333092200589&w=2",
            },
            {
               name: "RHSA-2003:013",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2003-013.html",
            },
            {
               name: "20030202 Exploit for CVS double free() for Linux pserver",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=104428571204468&w=2",
            },
            {
               name: "DSA-233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2003/dsa-233",
            },
            {
               name: "VU#650937",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/650937",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/012003.html",
            },
            {
               name: "CA-2003-02",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.cert.org/advisories/CA-2003-02.html",
            },
            {
               name: "N-032",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/n-032.shtml",
            },
            {
               name: "20030120 Advisory 01/2003: CVS remote vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-0015",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2003:012",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-012.html",
                  },
                  {
                     name: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
                     refsource: "CONFIRM",
                     url: "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
                  },
                  {
                     name: "20030124 Test program for CVS double-free.",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=104342550612736&w=2",
                  },
                  {
                     name: "MDKSA-2003:009",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009",
                  },
                  {
                     name: "FreeBSD-SA-03:01",
                     refsource: "FREEBSD",
                     url: "http://marc.info/?l=bugtraq&m=104438807203491&w=2",
                  },
                  {
                     name: "6650",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/6650",
                  },
                  {
                     name: "cvs-doublefree-memory-corruption(11108)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108",
                  },
                  {
                     name: "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=104333092200589&w=2",
                  },
                  {
                     name: "RHSA-2003:013",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2003-013.html",
                  },
                  {
                     name: "20030202 Exploit for CVS double free() for Linux pserver",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=104428571204468&w=2",
                  },
                  {
                     name: "DSA-233",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2003/dsa-233",
                  },
                  {
                     name: "VU#650937",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/650937",
                  },
                  {
                     name: "http://security.e-matters.de/advisories/012003.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/012003.html",
                  },
                  {
                     name: "CA-2003-02",
                     refsource: "CERT",
                     url: "http://www.cert.org/advisories/CA-2003-02.html",
                  },
                  {
                     name: "N-032",
                     refsource: "CIAC",
                     url: "http://www.ciac.org/ciac/bulletins/n-032.shtml",
                  },
                  {
                     name: "20030120 Advisory 01/2003: CVS remote vulnerability",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-0015",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2003-01-07T00:00:00",
      dateUpdated: "2024-08-08T01:36:25.368Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1471
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:53:23.983Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/092004.html",
               },
               {
                  name: "10499",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/10499",
               },
               {
                  name: "FreeBSD-SA-04:14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc",
               },
               {
                  name: "cvs-wrapper-format-string(16365)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365",
               },
               {
                  name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/092004.html",
            },
            {
               name: "10499",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/10499",
            },
            {
               name: "FreeBSD-SA-04:14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc",
            },
            {
               name: "cvs-wrapper-format-string(16365)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365",
            },
            {
               name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1471",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://security.e-matters.de/advisories/092004.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/092004.html",
                  },
                  {
                     name: "10499",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/10499",
                  },
                  {
                     name: "FreeBSD-SA-04:14",
                     refsource: "FREEBSD",
                     url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc",
                  },
                  {
                     name: "cvs-wrapper-format-string(16365)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365",
                  },
                  {
                     name: "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1471",
      datePublished: "2005-02-13T05:00:00",
      dateReserved: "2005-02-13T00:00:00",
      dateUpdated: "2024-08-08T00:53:23.983Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0396
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
References
http://secunia.com/advisories/11641 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/11652 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970 — vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=108500040719512&w=2 — mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058 — vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048 — vendor-advisory, x_refsource_MANDRAKE
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html — mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2 — vendor-advisory, x_refsource_OPENBSD
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc — vendor-advisory, x_refsource_FREEBSD
http://www.redhat.com/support/errata/RHSA-2004-190.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/11674 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200405-12.xml — vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/11651 — third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/6305 — vdb-entry, x_refsource_OSVDB
http://www.us-cert.gov/cas/techalerts/TA04-147A.html — third-party-advisory, x_refsource_CERT
http://www.ciac.org/ciac/bulletins/o-147.shtml — third-party-advisory, government-resource, x_refsource_CIAC
http://marc.info/?l=bugtraq&m=108498454829020&w=2 — mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/11647 — third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=108636445031613&w=2 — vendor-advisory, x_refsource_FEDORA
http://www.kb.cert.org/vuls/id/192038 — third-party-advisory, x_refsource_CERT-VN
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html — mailing-list, x_refsource_FULLDISC
http://www.debian.org/security/2004/dsa-505 — vendor-advisory, x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193 — vdb-entry, x_refsource_XF
http://security.e-matters.de/advisories/072004.html — x_refsource_MISC
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865 — vendor-advisory, x_refsource_SLACKWARE
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc — vendor-advisory, x_refsource_NETBSD
http://www.securityfocus.com/bid/10384 — vdb-entry, x_refsource_BID
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html — vendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:14.626Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "11641",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11641",
               },
               {
                  name: "11652",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11652",
               },
               {
                  name: "oval:org.mitre.oval:def:970",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970",
               },
               {
                  name: "20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108500040719512&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:9058",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058",
               },
               {
                  name: "MDKSA-2004:048",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048",
               },
               {
                  name: "20040519 Advisory 07/2004: CVS remote vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html",
               },
               {
                  name: "20040520 cvs server buffer overflow vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_OPENBSD",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2",
               },
               {
                  name: "FreeBSD-SA-04:10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc",
               },
               {
                  name: "RHSA-2004:190",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-190.html",
               },
               {
                  name: "11674",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11674",
               },
               {
                  name: "GLSA-200405-12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200405-12.xml",
               },
               {
                  name: "11651",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11651",
               },
               {
                  name: "6305",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/6305",
               },
               {
                  name: "TA04-147A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA04-147A.html",
               },
               {
                  name: "O-147",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/o-147.shtml",
               },
               {
                  name: "20040519 Advisory 07/2004: CVS remote vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108498454829020&w=2",
               },
               {
                  name: "11647",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11647",
               },
               {
                  name: "FEDORA-2004-1620",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
               },
               {
                  name: "VU#192038",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/192038",
               },
               {
                  name: "20040519 Advisory 07/2004: CVS remote vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html",
               },
               {
                  name: "DSA-505",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-505",
               },
               {
                  name: "cvs-entry-line-bo(16193)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://security.e-matters.de/advisories/072004.html",
               },
               {
                  name: "SSA:2004-140-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865",
               },
               {
                  name: "NetBSD-SA2004-008",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_NETBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc",
               },
               {
                  name: "10384",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/10384",
               },
               {
                  name: "SuSE-SA:2004:013",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "11641",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11641",
            },
            {
               name: "11652",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11652",
            },
            {
               name: "oval:org.mitre.oval:def:970",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970",
            },
            {
               name: "20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108500040719512&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:9058",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058",
            },
            {
               name: "MDKSA-2004:048",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048",
            },
            {
               name: "20040519 Advisory 07/2004: CVS remote vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html",
            },
            {
               name: "20040520 cvs server buffer overflow vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
               ],
               url: "http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2",
            },
            {
               name: "FreeBSD-SA-04:10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc",
            },
            {
               name: "RHSA-2004:190",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-190.html",
            },
            {
               name: "11674",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11674",
            },
            {
               name: "GLSA-200405-12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200405-12.xml",
            },
            {
               name: "11651",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11651",
            },
            {
               name: "6305",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/6305",
            },
            {
               name: "TA04-147A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA04-147A.html",
            },
            {
               name: "O-147",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/o-147.shtml",
            },
            {
               name: "20040519 Advisory 07/2004: CVS remote vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108498454829020&w=2",
            },
            {
               name: "11647",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11647",
            },
            {
               name: "FEDORA-2004-1620",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
            },
            {
               name: "VU#192038",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/192038",
            },
            {
               name: "20040519 Advisory 07/2004: CVS remote vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html",
            },
            {
               name: "DSA-505",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-505",
            },
            {
               name: "cvs-entry-line-bo(16193)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://security.e-matters.de/advisories/072004.html",
            },
            {
               name: "SSA:2004-140-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865",
            },
            {
               name: "NetBSD-SA2004-008",
               tags: [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
               ],
               url: "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc",
            },
            {
               name: "10384",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/10384",
            },
            {
               name: "SuSE-SA:2004:013",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0396",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "11641",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11641",
                  },
                  {
                     name: "11652",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11652",
                  },
                  {
                     name: "oval:org.mitre.oval:def:970",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970",
                  },
                  {
                     name: "20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108500040719512&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9058",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058",
                  },
                  {
                     name: "MDKSA-2004:048",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048",
                  },
                  {
                     name: "20040519 Advisory 07/2004: CVS remote vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html",
                  },
                  {
                     name: "20040520 cvs server buffer overflow vulnerability",
                     refsource: "OPENBSD",
                     url: "http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2",
                  },
                  {
                     name: "FreeBSD-SA-04:10",
                     refsource: "FREEBSD",
                     url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc",
                  },
                  {
                     name: "RHSA-2004:190",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-190.html",
                  },
                  {
                     name: "11674",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11674",
                  },
                  {
                     name: "GLSA-200405-12",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200405-12.xml",
                  },
                  {
                     name: "11651",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11651",
                  },
                  {
                     name: "6305",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/6305",
                  },
                  {
                     name: "TA04-147A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA04-147A.html",
                  },
                  {
                     name: "O-147",
                     refsource: "CIAC",
                     url: "http://www.ciac.org/ciac/bulletins/o-147.shtml",
                  },
                  {
                     name: "20040519 Advisory 07/2004: CVS remote vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108498454829020&w=2",
                  },
                  {
                     name: "11647",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11647",
                  },
                  {
                     name: "FEDORA-2004-1620",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
                  },
                  {
                     name: "VU#192038",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/192038",
                  },
                  {
                     name: "20040519 Advisory 07/2004: CVS remote vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html",
                  },
                  {
                     name: "DSA-505",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-505",
                  },
                  {
                     name: "cvs-entry-line-bo(16193)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193",
                  },
                  {
                     name: "http://security.e-matters.de/advisories/072004.html",
                     refsource: "MISC",
                     url: "http://security.e-matters.de/advisories/072004.html",
                  },
                  {
                     name: "SSA:2004-140-01",
                     refsource: "SLACKWARE",
                     url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865",
                  },
                  {
                     name: "NetBSD-SA2004-008",
                     refsource: "NETBSD",
                     url: "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc",
                  },
                  {
                     name: "10384",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/10384",
                  },
                  {
                     name: "SuSE-SA:2004:013",
                     refsource: "SUSE",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0396",
      datePublished: "2004-05-20T04:00:00",
      dateReserved: "2004-04-13T00:00:00",
      dateUpdated: "2024-08-08T00:17:14.626Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0405
Vulnerability from cvelistv5
Published
2004-04-17 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:14.607Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:1060",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060",
               },
               {
                  name: "cvs-dotdot-directory-traversal(15891)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891",
               },
               {
                  name: "DSA-486",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-486",
               },
               {
                  name: "SSA:2004-108-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
               },
               {
                  name: "20040404-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
               },
               {
                  name: "FreeBSD-SA-04:07",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
               },
               {
                  name: "GLSA-200404-13",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:10818",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818",
               },
               {
                  name: "FEDORA-2004-1620",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-04-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:1060",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060",
            },
            {
               name: "cvs-dotdot-directory-traversal(15891)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891",
            },
            {
               name: "DSA-486",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-486",
            },
            {
               name: "SSA:2004-108-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
            },
            {
               name: "20040404-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
            },
            {
               name: "FreeBSD-SA-04:07",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
            },
            {
               name: "GLSA-200404-13",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
            },
            {
               name: "oval:org.mitre.oval:def:10818",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818",
            },
            {
               name: "FEDORA-2004-1620",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0405",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:1060",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060",
                  },
                  {
                     name: "cvs-dotdot-directory-traversal(15891)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891",
                  },
                  {
                     name: "DSA-486",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-486",
                  },
                  {
                     name: "SSA:2004-108-02",
                     refsource: "SLACKWARE",
                     url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181",
                  },
                  {
                     name: "20040404-01-U",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc",
                  },
                  {
                     name: "FreeBSD-SA-04:07",
                     refsource: "FREEBSD",
                     url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc",
                  },
                  {
                     name: "GLSA-200404-13",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200404-13.xml",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10818",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818",
                  },
                  {
                     name: "FEDORA-2004-1620",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=108636445031613&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0405",
      datePublished: "2004-04-17T04:00:00",
      dateReserved: "2004-04-16T00:00:00",
      dateUpdated: "2024-08-08T00:17:14.607Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0753
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:28
Severity ?
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:28:27.168Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view",
               },
               {
                  name: "DSA-742",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-742",
               },
               {
                  name: "oval:org.mitre.oval:def:9688",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688",
               },
               {
                  name: "cvs-bo(20148)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148",
               },
               {
                  name: "SUSE-SA:2005:024",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_24_cvs.html",
               },
               {
                  name: "GLSA-200504-16",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml",
               },
               {
                  name: "14976",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14976/",
               },
               {
                  name: "RHSA-2005:387",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-387.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view",
            },
            {
               name: "DSA-742",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-742",
            },
            {
               name: "oval:org.mitre.oval:def:9688",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688",
            },
            {
               name: "cvs-bo(20148)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148",
            },
            {
               name: "SUSE-SA:2005:024",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_24_cvs.html",
            },
            {
               name: "GLSA-200504-16",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml",
            },
            {
               name: "14976",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14976/",
            },
            {
               name: "RHSA-2005:387",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-387.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0753",
      datePublished: "2005-04-21T04:00:00",
      dateReserved: "2005-03-17T00:00:00",
      dateUpdated: "2024-08-07T21:28:27.168Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2693
Vulnerability from cvelistv5
Published
2005-08-25 04:00
Modified
2024-08-07 22:45
Severity ?
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:45:01.936Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ADV-2005-1667",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1667",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366",
               },
               {
                  name: "FreeBSD-SA-05:20",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc",
               },
               {
                  name: "RHSA-2005:756",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-756.html",
               },
               {
                  name: "16765",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16765",
               },
               {
                  name: "1014857",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014857",
               },
               {
                  name: "DSA-802",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-802",
               },
               {
                  name: "DSA-806",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-806",
               },
               {
                  name: "oval:org.mitre.oval:def:10835",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-08-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "ADV-2005-1667",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1667",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366",
            },
            {
               name: "FreeBSD-SA-05:20",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc",
            },
            {
               name: "RHSA-2005:756",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-756.html",
            },
            {
               name: "16765",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16765",
            },
            {
               name: "1014857",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014857",
            },
            {
               name: "DSA-802",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-802",
            },
            {
               name: "DSA-806",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-806",
            },
            {
               name: "oval:org.mitre.oval:def:10835",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2693",
      datePublished: "2005-08-25T04:00:00",
      dateReserved: "2005-08-25T00:00:00",
      dateUpdated: "2024-08-07T22:45:01.936Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2000-0680
Vulnerability from cvelistv5
Published
2000-09-21 04:00
Modified
2024-08-08 05:28
Severity ?
Summary
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T05:28:40.711Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20000728 cvs security problem",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
               },
               {
                  name: "1524",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/1524",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2000-07-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-11-02T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20000728 cvs security problem",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
            },
            {
               name: "1524",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/1524",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2000-0680",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20000728 cvs security problem",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org",
                  },
                  {
                     name: "1524",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/1524",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2000-0680",
      datePublished: "2000-09-21T04:00:00",
      dateReserved: "2000-09-19T00:00:00",
      dateUpdated: "2024-08-08T05:28:40.711Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2000-0338
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:14
Severity ?
Summary
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T05:14:21.271Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20000423 CVS DoS",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl",
               },
               {
                  name: "1136",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/1136",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2000-04-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-11-02T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20000423 CVS DoS",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl",
            },
            {
               name: "1136",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/1136",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2000-0338",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20000423 CVS DoS",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl",
                  },
                  {
                     name: "1136",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/1136",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2000-0338",
      datePublished: "2000-10-13T04:00:00",
      dateReserved: "2000-05-11T00:00:00",
      dateUpdated: "2024-08-08T05:14:21.271Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1343
Vulnerability from cvelistv5
Published
2005-04-27 04:00
Modified
2024-09-17 02:01
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
References
http://www.debian.org/security/2005/dsa-715 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:46:12.326Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-715",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-715",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-04-27T04:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-715",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-715",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1343",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-715",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2005/dsa-715",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1343",
      datePublished: "2005-04-27T04:00:00Z",
      dateReserved: "2005-01-06T00:00:00Z",
      dateUpdated: "2024-09-17T02:01:39.656Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-201011-0260
Vulnerability from variot

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System (CVS) is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. A local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file. Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions.

----------------------------------------------------------------------


TITLE: CVS Delta Fragment Array Indexing Vulnerability

SECUNIA ADVISORY ID: SA41079

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41079

RELEASE DATE: 2010-10-29

DISCUSS ADVISORY: http://secunia.com/advisories/41079/#comments


DESCRIPTION: A vulnerability has been reported in CVS, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is reported in version 1.11.23. Other versions may also be affected.

SOLUTION: Fixed in the CVS repository.

PROVIDED AND/OR DISCOVERED BY: Red Hat credits Ralph Loader

ORIGINAL ADVISORY: CVS: http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev

Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=642146


Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

For more information: SA41079

SOLUTION: Apply updated packages via the yum utility ("yum update cvs")



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0260",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "cvs",
            scope: "eq",
            trust: 1.7,
            vendor: "cvs",
            version: "1.11.23",
         },
         {
            model: "cvs",
            scope: "eq",
            trust: 1.6,
            vendor: "nongnu",
            version: "1.11.23",
         },
         {
            model: "enterprise linux desktop",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "6",
         },
         {
            model: "enterprise linux hpc node",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "6",
         },
         {
            model: "enterprise linux server",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "6",
         },
         {
            model: "enterprise linux workstation",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "6",
         },
         {
            model: "enterprise linux workstation",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "enterprise linux server",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "enterprise linux hpc node",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "enterprise linux desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            db: "BID",
            id: "44528",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:nongnu:cvs:1.11.23:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Jan Lieskovsky",
      sources: [
         {
            db: "BID",
            id: "44528",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2010-3846",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.4,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 6.9,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2010-3846",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2010-3846",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201011-046",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. \nA local attacker can exploit this issue by storing a malicious RCS file  in the CVS repository, and enticing an unsuspecting user to update their  CVS repository tree with the file. \nSuccessful exploitation allows  the attacker to execute arbitrary code with the privileges of the user  running the vulnerable application. Failed attempts will result in  denial-of-service conditions. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. 
\n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nCVS Delta Fragment Array Indexing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41079\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41079/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=41079\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41079/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41079/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=41079\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in CVS, which can be exploited by\nmalicious, local users to gain escalated privileges. \n\nThe vulnerability is reported in version 1.11.23. Other versions may\nalso be affected. \n\nSOLUTION:\nFixed in the CVS repository. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nRed Hat credits Ralph Loader\n\nORIGINAL ADVISORY:\nCVS:\nhttp://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev\n\nRed Hat:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=642146\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes a vulnerability,\nwhich can be exploited by malicious, local users to gain escalated\nprivileges. \n\nFor more information:\nSA41079\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update cvs\")",
      sources: [
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            db: "BID",
            id: "44528",
         },
         {
            db: "PACKETSTORM",
            id: "95293",
         },
         {
            db: "PACKETSTORM",
            id: "96222",
         },
         {
            db: "PACKETSTORM",
            id: "95295",
         },
      ],
      trust: 2.7,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2010-3846",
            trust: 3.3,
         },
         {
            db: "SECUNIA",
            id: "41079",
            trust: 3.1,
         },
         {
            db: "BID",
            id: "44528",
            trust: 2.7,
         },
         {
            db: "SECUNIA",
            id: "42409",
            trust: 2.5,
         },
         {
            db: "SECTRACK",
            id: "1024795",
            trust: 2.4,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-2845",
            trust: 2.4,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-3080",
            trust: 2.4,
         },
         {
            db: "OSVDB",
            id: "68952",
            trust: 2.4,
         },
         {
            db: "SECUNIA",
            id: "42041",
            trust: 1.7,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-2846",
            trust: 1.6,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-2869",
            trust: 1.6,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-2899",
            trust: 1.6,
         },
         {
            db: "XF",
            id: "62858",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "95293",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "96222",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "95295",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            db: "BID",
            id: "44528",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "PACKETSTORM",
            id: "95293",
         },
         {
            db: "PACKETSTORM",
            id: "96222",
         },
         {
            db: "PACKETSTORM",
            id: "95295",
         },
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   id: "VAR-201011-0260",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
      ],
      trust: 0.06,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
      ],
   },
   last_update_date: "2023-12-18T13:20:19.071000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://savannah.nongnu.org/projects/cvs/",
         },
         {
            title: "RHSA-2010:0918",
            trust: 0.8,
            url: "https://rhn.redhat.com/errata/rhsa-2010-0918.html",
         },
         {
            title: "Patch for CVS Delta Fragment Array Indexing Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/1552",
         },
         {
            title: "FreeBSD CVSweb Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234755",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-119",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "http://www.osvdb.org/68952",
         },
         {
            trust: 2.4,
            url: "http://secunia.com/advisories/41079",
         },
         {
            trust: 2.4,
            url: "http://secunia.com/advisories/42409",
         },
         {
            trust: 2.4,
            url: "http://www.securityfocus.com/bid/44528",
         },
         {
            trust: 2.4,
            url: "http://www.securitytracker.com/id?1024795",
         },
         {
            trust: 2.4,
            url: "http://www.vupen.com/english/advisories/2010/2845",
         },
         {
            trust: 2.4,
            url: "http://www.vupen.com/english/advisories/2010/3080",
         },
         {
            trust: 2,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=642146",
         },
         {
            trust: 1.7,
            url: "http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev",
         },
         {
            trust: 1.7,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/050090.html",
         },
         {
            trust: 1.6,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050212.html",
         },
         {
            trust: 1.6,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050287.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/42041",
         },
         {
            trust: 1.6,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0918.html",
         },
         {
            trust: 1.6,
            url: "http://www.vupen.com/english/advisories/2010/2846",
         },
         {
            trust: 1.6,
            url: "http://www.vupen.com/english/advisories/2010/2869",
         },
         {
            trust: 1.6,
            url: "http://www.vupen.com/english/advisories/2010/2899",
         },
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/62858",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3846",
         },
         {
            trust: 0.8,
            url: "http://xforce.iss.net/xforce/xfdb/62858",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3846",
         },
         {
            trust: 0.7,
            url: "http://secunia.com/advisories/41079/",
         },
         {
            trust: 0.6,
            url: "https://access.redhat.com/errata/rhsa-2010:0918",
         },
         {
            trust: 0.6,
            url: "https://access.redhat.com/security/cve/cve-2010-3846",
         },
         {
            trust: 0.3,
            url: "http://www.cvshome.org/eng/",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/products/corporate/evm/",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/advisories/secunia_security_advisories/",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/products/corporate/vim/",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/vulnerability_scanning/personal/",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.3,
            url: "http://secunia.com/advisories/about_secunia_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/41079/#comments",
         },
         {
            trust: 0.1,
            url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=41079",
         },
         {
            trust: 0.1,
            url: "https://rhn.redhat.com/errata/rhsa-2010-0918.html",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/42409/#comments",
         },
         {
            trust: 0.1,
            url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=42409",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/42409/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/42041/#comments",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/42041/",
         },
         {
            trust: 0.1,
            url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=42041",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            db: "BID",
            id: "44528",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "PACKETSTORM",
            id: "95293",
         },
         {
            db: "PACKETSTORM",
            id: "96222",
         },
         {
            db: "PACKETSTORM",
            id: "95295",
         },
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            db: "BID",
            id: "44528",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            db: "PACKETSTORM",
            id: "95293",
         },
         {
            db: "PACKETSTORM",
            id: "96222",
         },
         {
            db: "PACKETSTORM",
            id: "95295",
         },
         {
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2010-11-02T00:00:00",
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            date: "2010-10-28T00:00:00",
            db: "BID",
            id: "44528",
         },
         {
            date: "2010-12-21T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            date: "2010-11-01T01:34:47",
            db: "PACKETSTORM",
            id: "95293",
         },
         {
            date: "2010-11-30T05:50:29",
            db: "PACKETSTORM",
            id: "96222",
         },
         {
            date: "2010-11-01T01:34:52",
            db: "PACKETSTORM",
            id: "95295",
         },
         {
            date: "2010-11-05T17:00:02.530000",
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            date: "2010-11-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2010-11-02T00:00:00",
            db: "CNVD",
            id: "CNVD-2010-2595",
         },
         {
            date: "2015-04-13T21:59:00",
            db: "BID",
            id: "44528",
         },
         {
            date: "2010-12-21T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
         {
            date: "2023-02-13T04:26:00.547000",
            db: "NVD",
            id: "CVE-2010-3846",
         },
         {
            date: "2023-04-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "PACKETSTORM",
            id: "95293",
         },
         {
            db: "PACKETSTORM",
            id: "96222",
         },
         {
            db: "PACKETSTORM",
            id: "95295",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
      trust: 0.9,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Elevation of privilege vulnerability in the apply_rcs_change function in rcs.c of CVS",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2010-002534",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201011-046",
         },
      ],
      trust: 0.6,
   },
}