Search criteria
59 vulnerabilities found for cvs by cvs
VAR-201011-0260
Vulnerability from variot - Updated: 2023-12-18 13:20Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. A local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file. Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: CVS Delta Fragment Array Indexing Vulnerability
SECUNIA ADVISORY ID: SA41079
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41079
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41079/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41079/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41079
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in CVS, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is reported in version 1.11.23. Other versions may also be affected.
SOLUTION: Fixed in the CVS repository.
PROVIDED AND/OR DISCOVERED BY: Red Hat credits Ralph Loader
ORIGINAL ADVISORY: CVS: http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev
Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=642146
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
For more information: SA41079
SOLUTION: Apply updated packages via the yum utility ("yum update cvs")
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201011-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cvs",
"scope": "eq",
"trust": 1.7,
"vendor": "cvs",
"version": "1.11.23"
},
{
"model": "cvs",
"scope": "eq",
"trust": 1.6,
"vendor": "nongnu",
"version": "1.11.23"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nongnu:cvs:1.11.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jan Lieskovsky",
"sources": [
{
"db": "BID",
"id": "44528"
}
],
"trust": 0.3
},
"cve": "CVE-2010-3846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-3846",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-3846",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201011-046",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. \nA local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file. \nSuccessful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nCVS Delta Fragment Array Indexing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41079\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41079/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41079\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41079/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41079/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41079\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in CVS, which can be exploited by\nmalicious, local users to gain escalated privileges. \n\nThe vulnerability is reported in version 1.11.23. Other versions may\nalso be affected. \n\nSOLUTION:\nFixed in the CVS repository. \n\nPROVIDED AND/OR DISCOVERED BY:\nRed Hat credits Ralph Loader\n\nORIGINAL ADVISORY:\nCVS:\nhttp://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65\u0026r2=1.262.4.66\u0026sortby=rev\n\nRed Hat:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=642146\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes a vulnerability,\nwhich can be exploited by malicious, local users to gain escalated\nprivileges. \n\nFor more information:\nSA41079\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update cvs\")",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3846",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "41079",
"trust": 3.1
},
{
"db": "BID",
"id": "44528",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "42409",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1024795",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-2845",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-3080",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "68952",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "42041",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2846",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-2869",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-2899",
"trust": 1.6
},
{
"db": "XF",
"id": "62858",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-2595",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "95293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96222",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95295",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"id": "VAR-201011-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
}
]
},
"last_update_date": "2023-12-18T13:20:19.071000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://savannah.nongnu.org/projects/cvs/"
},
{
"title": "RHSA-2010:0918",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0918.html"
},
{
"title": "Patch for CVS Delta Fragment Array Indexing Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/1552"
},
{
"title": "FreeBSD CVSweb Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.osvdb.org/68952"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/41079"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/42409"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/44528"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1024795"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/2845"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/3080"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642146"
},
{
"trust": 1.7,
"url": "http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65\u0026r2=1.262.4.66\u0026sortby=rev"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/050090.html"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050212.html"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050287.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/42041"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0918.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2846"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2869"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2899"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62858"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3846"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/62858"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3846"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/41079/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0918"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2010-3846"
},
{
"trust": 0.3,
"url": "http://www.cvshome.org/eng/"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41079/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41079"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0918.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42409/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42409"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42409/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42041/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42041/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"date": "2010-10-28T00:00:00",
"db": "BID",
"id": "44528"
},
{
"date": "2010-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"date": "2010-11-01T01:34:47",
"db": "PACKETSTORM",
"id": "95293"
},
{
"date": "2010-11-30T05:50:29",
"db": "PACKETSTORM",
"id": "96222"
},
{
"date": "2010-11-01T01:34:52",
"db": "PACKETSTORM",
"id": "95295"
},
{
"date": "2010-11-05T17:00:02.530000",
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"date": "2010-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"date": "2015-04-13T21:59:00",
"db": "BID",
"id": "44528"
},
{
"date": "2010-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"date": "2023-02-13T04:26:00.547000",
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"date": "2023-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVS of rcs.c Is in apply_rcs_change Elevation of privilege vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
],
"trust": 0.6
}
}
FKIE_CVE-2012-0804
Vulnerability from fkie_nvd - Published: 2012-05-29 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funcion proxy_connect en src/client.c en CVS v1.11 y v1.12 permite a los servidores proxy HTTP remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta HTTP manipulada."
}
],
"id": "CVE-2012-0804",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-29T20:55:06.867",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47869"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48063"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48142"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/48150"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/78987"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/51943"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1026719"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-44"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2693
Vulnerability from fkie_nvd - Published: 2005-08-26 15:50 - Updated: 2025-04-03 01:03
Severity ?
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.12:*:*:*:*:*:*:*",
"matchCriteriaId": "172E2DD8-4493-486E-AE72-A19ED2BE5EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
],
"id": "CVE-2005-2693",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-26T15:50:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16765"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014857"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1342
Vulnerability from fkie_nvd - Published: 2005-04-27 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A305C6F7-35DA-48E2-B345-14671629226D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
],
"id": "CVE-2004-1342",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0753
Vulnerability from fkie_nvd - Published: 2005-04-18 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A305C6F7-35DA-48E2-B345-14671629226D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
}
],
"id": "CVE-2005-0753",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-18T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1471
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C496B665-70DA-4B98-A5D1-E2935C0CE840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F098C1-D09E-49B4-9B51-E84B6C4EA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34797660-41F5-4358-B70F-2A40DE48F182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4054D69F-596F-4EB4-BE9A-E2478343F55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA26ABBE-9973-45FA-9E9B-82170B751219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7891202C-62AF-4590-9E5F-3514FDA2B38E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8F9B2F-E898-4F87-A245-32A41748587B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "183667CA-6DF1-4BFB-AE32-9ABF55B7283A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDDEC3F-52EB-4E1E-84C4-B472600059EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B58E02AE-38B4-466E-BF73-2F0B80AF7BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3928D5CF-6FC0-434C-8A80-ABDBF346C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "314BA420-4C74-4060-8ACE-D7A7C041CF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAD7613-A5B3-4621-B981-290C7C6B8BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CA3337-9BEE-49C5-9EDE-8CDBE5580537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE38C50A-81FE-412E-9717-3672FAE6A6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A0A3F7B6-2878-40C0-B59C-EBA8D171D2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "263F3734-7076-4EA8-B4C0-F37CFC4E979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0419DD66-FF66-48BC-AD3B-F6AFD0551E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3518628-08E5-4AD7-AAF6-A4E38F1CDE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B982342C-1981-4C55-8044-AFE4D87623DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47E02BE6-4800-4940-B269-385B66AC5077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "0EB09993-B837-4352-B09D-3656F62638A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C283AD7-1C58-4CE8-A6CD-502FFE0B18BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0361EA35-FBD7-4E8F-8625-C8100ED7BB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "29EAA113-2404-4ABB-826B-3AA2AA858D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E3F7EB61-55A5-4776-B0E7-3508920A6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A442DE97-4485-4D95-B95D-58947585E455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE31DFF8-06AB-489D-A0C5-509C090283B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"matchCriteriaId": "1E8A6564-129A-4555-A5ED-6F65C56AE7B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "237174A4-E030-4A0B-AD0B-5C463603EAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"matchCriteriaId": "5D7F8F11-1869-40E2-8478-28B4E946D3CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"matchCriteriaId": "9062BAB5-D437-49BE-A384-39F62434B70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*",
"matchCriteriaId": "3BA1504C-14FE-4C21-A801-944041F2946F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"matchCriteriaId": "21B69535-4FB6-4FAD-AAA6-C790FF82EFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"matchCriteriaId": "6E53C673-9D6D-42C8-A502-033E1FC28D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*",
"matchCriteriaId": "6F4AC452-6042-409D-8673-ACAD108EE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"matchCriteriaId": "2FE1009B-371A-48E2-A456-935A1F0B7D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"matchCriteriaId": "C844A170-B5A7-4703-AF3B-67366D44EA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"matchCriteriaId": "3D41CB12-7894-4D25-80EC-23C56171D973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*",
"matchCriteriaId": "9BCD9C12-EDAB-473F-9CC5-04F06B413720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*",
"matchCriteriaId": "58EBC5C8-5CA8-4881-A036-179FDEBA3CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "09789843-6A1A-4CDB-97E8-89E82B79DDB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"matchCriteriaId": "118211EF-CED7-4EB5-9669-F54C8169D4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*",
"matchCriteriaId": "58288F0F-B4CE-445C-AD93-DA73E3AD6FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*",
"matchCriteriaId": "CC96FBA9-6A65-4CC7-BE68-ADAF450ABE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"matchCriteriaId": "9A405AE2-ECC4-4BB0-80DD-4736394FB217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4AD26-6AF2-4F3A-B602-F231FAABA73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"matchCriteriaId": "E5612FB0-8403-4A7E-B89A-D7BDFAC00078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*",
"matchCriteriaId": "FA699BB4-94AA-40E6-A6B6-33E3D416CDA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*",
"matchCriteriaId": "AFDA151E-E614-4A24-A34D-B6D5309110CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"matchCriteriaId": "A7818E11-1BEB-4DAA-BA7A-A278454BA4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "09BFA20B-2F31-4246-8F74-63DF1DB884EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*",
"matchCriteriaId": "5F3B4BA2-8A61-4F9A-8E46-7FA80E7F5514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "4AE93D3D-34B4-47B7-A784-61F4479FF5A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*",
"matchCriteriaId": "E6288144-0CD7-45B6-B5A7-09B1DF14FBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD9D1C-A459-47AD-BC62-15631417A32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*",
"matchCriteriaId": "4ECDEC87-0132-46B6-BD9B-A94F9B669EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*",
"matchCriteriaId": "43E84296-9B5C-4623-A2C4-431D76FC2765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3B13D898-C1B6-44B9-8432-7DDB8A380E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*",
"matchCriteriaId": "51A612F6-E4EB-4E34-8F55-79E16C74758E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "5C19B266-8FE7-49ED-8678-2D522257491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "15C4D826-A419-45F5-B91C-1445DB480916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*",
"matchCriteriaId": "FEC7B38F-C6FB-4213-AE18-2D039A4D8E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "8E4BC012-ADE4-468F-9A25-261CD8055694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*",
"matchCriteriaId": "0370727F-1E37-4B82-8969-A2AC644632E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
],
"evaluatorImpact": "Failed exploit attempts will likely cause a denial of service condition.",
"id": "CVE-2004-1471",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1343
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A305C6F7-35DA-48E2-B345-14671629226D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
],
"id": "CVE-2004-1343",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0414
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution."
},
{
"lang": "es",
"value": "CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente l\u00edneas \"Entry\" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegaci\u00f3n de servicio (ca\u00edda), modificaci\u00f3n de datos de programa cr\u00edticos, o ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2004-0414",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0417
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space."
},
{
"lang": "es",
"value": "Desobordamiento de enteros en la orden de protocolo CVS \"Max-dotdot\" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una ca\u00edda del servidor, lo que podr\u00eda hacer que datos temporales permanezcan sin detectar y consumir espacio en disco."
}
],
"id": "CVE-2004-0417",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0418
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
},
{
"lang": "es",
"value": "serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente l\u00edneas de datos vac\u00edas, lo que puede permitir a atacantes remotos realizar una escritura \"fuera de l\u00edmites\" en un solo byte para ejecutar c\u00f3digo arbitrario o modificar datos cr\u00edticos del programa."
}
],
"id": "CVE-2004-0418",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0416
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2004-0416",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0396
Vulnerability from fkie_nvd - Published: 2004-06-14 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines."
},
{
"lang": "es",
"value": "Desbordamiento basado en la pila en CVS 1.11.X a 1.11.5 y 1.12. a 1.12.7, cuando se usa el mecanismo pserver, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante lineas de Entradas."
}
],
"id": "CVE-2004-0396",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-06-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"source": "cve@mitre.org",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11641"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11647"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11651"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11652"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11674"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6305"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10384"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-0804 (GCVE-0-2012-0804)
Vulnerability from cvelistv5 – Published: 2012-05-29 20:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"name": "1026719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026719"
},
{
"name": "48150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48150"
},
{
"name": "cvs-proxyconnect-bo(73097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"name": "RHSA-2012:0321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"name": "MDVSA-2012:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"name": "78987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78987"
},
{
"name": "48142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48142"
},
{
"name": "USN-1371-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"name": "47869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47869"
},
{
"name": "GLSA-201701-44",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"name": "DSA-2407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"name": "51943",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51943"
},
{
"name": "48063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2012:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"name": "1026719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026719"
},
{
"name": "48150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48150"
},
{
"name": "cvs-proxyconnect-bo(73097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"name": "RHSA-2012:0321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"name": "MDVSA-2012:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"name": "78987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78987"
},
{
"name": "48142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48142"
},
{
"name": "USN-1371-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"name": "47869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47869"
},
{
"name": "GLSA-201701-44",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"name": "DSA-2407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"name": "51943",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51943"
},
{
"name": "48063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48063"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0804",
"datePublished": "2012-05-29T20:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2693 (GCVE-0-2005-2693)
Vulnerability from cvelistv5 – Published: 2005-08-25 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-1667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2005-1667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2693",
"datePublished": "2005-08-25T04:00:00",
"dateReserved": "2005-08-25T00:00:00",
"dateUpdated": "2024-08-07T22:45:01.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1343 (GCVE-0-2004-1343)
Vulnerability from cvelistv5 – Published: 2005-04-27 04:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-27T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1343",
"datePublished": "2005-04-27T04:00:00Z",
"dateReserved": "2005-01-06T00:00:00Z",
"dateUpdated": "2024-09-17T02:01:39.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1342 (GCVE-0-2004-1342)
Vulnerability from cvelistv5 – Published: 2005-04-27 04:00 – Updated: 2024-09-16 22:55
VLAI?
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-27T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1342",
"datePublished": "2005-04-27T04:00:00Z",
"dateReserved": "2005-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:47.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0753 (GCVE-0-2005-0753)
Vulnerability from cvelistv5 – Published: 2005-04-21 04:00 – Updated: 2024-08-07 21:28
VLAI?
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:27.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"name": "DSA-742",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"name": "oval:org.mitre.oval:def:9688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"name": "cvs-bo(20148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"name": "SUSE-SA:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"name": "DSA-742",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"name": "oval:org.mitre.oval:def:9688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"name": "cvs-bo(20148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"name": "SUSE-SA:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0753",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-03-17T00:00:00",
"dateUpdated": "2024-08-07T21:28:27.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1471 (GCVE-0-2004-1471)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1471",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0015 (GCVE-0-2003-0015)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:012",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
"refsource": "CONFIRM",
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"name": "http://security.e-matters.de/advisories/012003.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0015",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-01-07T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0778 (GCVE-0-2004-0778)
Vulnerability from cvelistv5 – Published: 2004-08-18 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10955"
},
{
"name": "MDKSA-2004:108",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"name": "oval:org.mitre.oval:def:10688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"name": "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"name": "cvs-history-info-disclosure(17001)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"name": "VU#579225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/579225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10955"
},
{
"name": "MDKSA-2004:108",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"name": "oval:org.mitre.oval:def:10688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"name": "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"name": "cvs-history-info-disclosure(17001)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"name": "VU#579225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/579225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10955"
},
{
"name": "MDKSA-2004:108",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"name": "oval:org.mitre.oval:def:10688",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"name": "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"name": "cvs-history-info-disclosure(17001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"name": "VU#579225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/579225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0778",
"datePublished": "2004-08-18T04:00:00",
"dateReserved": "2004-08-11T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0418 (GCVE-0-2004-0418)
Vulnerability from cvelistv5 – Published: 2004-06-11 04:00 – Updated: 2024-08-08 00:17
VLAI?
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0418",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0804 (GCVE-0-2012-0804)
Vulnerability from nvd – Published: 2012-05-29 20:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"name": "1026719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026719"
},
{
"name": "48150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48150"
},
{
"name": "cvs-proxyconnect-bo(73097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"name": "RHSA-2012:0321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"name": "MDVSA-2012:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"name": "78987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78987"
},
{
"name": "48142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48142"
},
{
"name": "USN-1371-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"name": "47869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47869"
},
{
"name": "GLSA-201701-44",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"name": "DSA-2407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"name": "51943",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51943"
},
{
"name": "48063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2012:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"name": "1026719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026719"
},
{
"name": "48150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48150"
},
{
"name": "cvs-proxyconnect-bo(73097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"name": "RHSA-2012:0321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"name": "MDVSA-2012:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"name": "78987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78987"
},
{
"name": "48142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48142"
},
{
"name": "USN-1371-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"name": "47869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47869"
},
{
"name": "GLSA-201701-44",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"name": "DSA-2407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"name": "51943",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51943"
},
{
"name": "48063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48063"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0804",
"datePublished": "2012-05-29T20:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2693 (GCVE-0-2005-2693)
Vulnerability from nvd – Published: 2005-08-25 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-1667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2005-1667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2693",
"datePublished": "2005-08-25T04:00:00",
"dateReserved": "2005-08-25T00:00:00",
"dateUpdated": "2024-08-07T22:45:01.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1343 (GCVE-0-2004-1343)
Vulnerability from nvd – Published: 2005-04-27 04:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-27T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1343",
"datePublished": "2005-04-27T04:00:00Z",
"dateReserved": "2005-01-06T00:00:00Z",
"dateUpdated": "2024-09-17T02:01:39.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1342 (GCVE-0-2004-1342)
Vulnerability from nvd – Published: 2005-04-27 04:00 – Updated: 2024-09-16 22:55
VLAI?
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-27T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1342",
"datePublished": "2005-04-27T04:00:00Z",
"dateReserved": "2005-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:47.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0753 (GCVE-0-2005-0753)
Vulnerability from nvd – Published: 2005-04-21 04:00 – Updated: 2024-08-07 21:28
VLAI?
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:27.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"name": "DSA-742",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"name": "oval:org.mitre.oval:def:9688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"name": "cvs-bo(20148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"name": "SUSE-SA:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"name": "DSA-742",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"name": "oval:org.mitre.oval:def:9688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"name": "cvs-bo(20148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"name": "SUSE-SA:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0753",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-03-17T00:00:00",
"dateUpdated": "2024-08-07T21:28:27.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1471 (GCVE-0-2004-1471)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1471",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0015 (GCVE-0-2003-0015)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:012",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
"refsource": "CONFIRM",
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"name": "http://security.e-matters.de/advisories/012003.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0015",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-01-07T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0778 (GCVE-0-2004-0778)
Vulnerability from nvd – Published: 2004-08-18 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10955"
},
{
"name": "MDKSA-2004:108",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"name": "oval:org.mitre.oval:def:10688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"name": "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"name": "cvs-history-info-disclosure(17001)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"name": "VU#579225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/579225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10955"
},
{
"name": "MDKSA-2004:108",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"name": "oval:org.mitre.oval:def:10688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"name": "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"name": "cvs-history-info-disclosure(17001)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"name": "VU#579225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/579225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10955"
},
{
"name": "MDKSA-2004:108",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"name": "oval:org.mitre.oval:def:10688",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"name": "20040816 CVS Undocumented Flag Information Disclosure Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"name": "cvs-history-info-disclosure(17001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"name": "VU#579225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/579225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0778",
"datePublished": "2004-08-18T04:00:00",
"dateReserved": "2004-08-11T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0418 (GCVE-0-2004-0418)
Vulnerability from nvd – Published: 2004-06-11 04:00 – Updated: 2024-08-08 00:17
VLAI?
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0418",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}