Vulnerabilites related to cvs - cvs
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
},
{
"lang": "es",
"value": "serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente l\u00edneas de datos vac\u00edas, lo que puede permitir a atacantes remotos realizar una escritura \"fuera de l\u00edmites\" en un solo byte para ejecutar c\u00f3digo arbitrario o modificar datos cr\u00edticos del programa."
}
],
"id": "CVE-2004-0418",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-05 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."
},
{
"lang": "es",
"value": "Vulnerabilidad desconocida en servidores CVS anteriores a 1.11.10 puede permitir a atacantes causar que el servidor CVS cree directorios y ficheros en el directorio ra\u00edz del sistema de ficheros."
}
],
"id": "CVE-2003-0977",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-01-05T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10601"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-422"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6FCAEE-A0CB-4D8C-A160-F7A1247E9A64",
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405."
}
],
"id": "CVE-2004-0180",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-06-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11368"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11371"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11374"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11375"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11377"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11380"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11391"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11400"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11405"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11548"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-154.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-29 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funcion proxy_connect en src/client.c en CVS v1.11 y v1.12 permite a los servidores proxy HTTP remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta HTTP manipulada."
}
],
"id": "CVE-2012-0804",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-29T20:55:06.867",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47869"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48063"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48142"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/48150"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/78987"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/51943"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1026719"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-44"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution."
},
{
"lang": "es",
"value": "CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente l\u00edneas \"Entry\" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegaci\u00f3n de servicio (ca\u00edda), modificaci\u00f3n de datos de programa cr\u00edticos, o ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2004-0414",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space."
},
{
"lang": "es",
"value": "Desobordamiento de enteros en la orden de protocolo CVS \"Max-dotdot\" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una ca\u00edda del servidor, lo que podr\u00eda hacer que datos temporales permanezcan sin detectar y consumir espacio en disco."
}
],
"id": "CVE-2004-0417",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A305C6F7-35DA-48E2-B345-14671629226D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
}
],
"id": "CVE-2005-0753",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-18T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A305C6F7-35DA-48E2-B345-14671629226D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
],
"id": "CVE-2004-1343",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cvs | cvs | 1.10.7 | |
| cvs | cvs | 1.10.8 | |
| cvs | cvs | 1.11 | |
| cvs | cvs | 1.11.1 | |
| cvs | cvs | 1.11.1_p1 | |
| cvs | cvs | 1.11.2 | |
| cvs | cvs | 1.11.3 | |
| cvs | cvs | 1.11.4 | |
| cvs | cvs | 1.11.5 | |
| cvs | cvs | 1.11.6 | |
| cvs | cvs | 1.11.10 | |
| cvs | cvs | 1.11.11 | |
| cvs | cvs | 1.11.14 | |
| cvs | cvs | 1.11.15 | |
| cvs | cvs | 1.11.16 | |
| cvs | cvs | 1.12.1 | |
| cvs | cvs | 1.12.2 | |
| cvs | cvs | 1.12.5 | |
| cvs | cvs | 1.12.7 | |
| cvs | cvs | 1.12.8 | |
| openpkg | openpkg | * | |
| openpkg | openpkg | 1.3 | |
| openpkg | openpkg | 2.0 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| gentoo | linux | 1.4 | |
| openbsd | openbsd | * | |
| openbsd | openbsd | 3.4 | |
| openbsd | openbsd | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2004-0416",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-02-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA5C320-0306-4A15-9AB0-4DCD01F103DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n de de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog."
}
],
"id": "CVE-2003-0015",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6650"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/1524 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1524 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action."
}
],
"id": "CVE-2000-0680",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1524"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/1523 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1523 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files."
}
],
"id": "CVE-2000-0679",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1523"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8716B52E-5846-4A35-A12B-001DCFBE92A0",
"versionEndIncluding": "1.10.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability."
},
{
"lang": "es",
"value": "CVS anteriores a 1.10.8 no inicializa adecudamente una variable global, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servidor) mediante la capacidad diff."
}
],
"id": "CVE-2002-0092",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=vuln-dev\u0026m=101422243817321\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=vuln-dev\u0026m=101433077724524\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-117"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8366.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=vuln-dev\u0026m=101422243817321\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=vuln-dev\u0026m=101433077724524\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8366.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4234"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-26 15:50
Modified
2025-04-03 01:03
Severity ?
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.12:*:*:*:*:*:*:*",
"matchCriteriaId": "172E2DD8-4493-486E-AE72-A19ED2BE5EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
],
"id": "CVE-2005-2693",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-26T15:50:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16765"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014857"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6FCAEE-A0CB-4D8C-A160-F7A1247E9A64",
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180."
}
],
"id": "CVE-2004-0405",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-06-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-715 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA94DE3-B1DA-40CC-BD60-291B0563500F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A305C6F7-35DA-48E2-B345-14671629226D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
],
"id": "CVE-2004-1342",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-06-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFAB00-58EA-43B7-93FB-874EF4104C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines."
},
{
"lang": "es",
"value": "Desbordamiento basado en la pila en CVS 1.11.X a 1.11.5 y 1.12. a 1.12.7, cuando se usa el mecanismo pserver, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante lineas de Entradas."
}
],
"id": "CVE-2004-0396",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-06-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"source": "cve@mitre.org",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11641"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11647"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11651"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11652"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11674"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6305"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10384"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231E7F-1A6F-4A79-8ED2-F6CAD311A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7105E4-25F8-4AE3-9EDD-D44BF3E17145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22BAF3-7B9C-4B2E-B5C6-1F37B896C301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFFAE96-873A-4253-BCC7-1049DA81D9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D1163535-583A-4504-BE7B-8919143CDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766053F7-A174-4716-BF49-76B50FC79FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2623F-167A-4976-B757-DAC4CCFAFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC4477-D040-450E-A850-8B03C937A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2848AA51-9AF1-448D-955F-50B5203F7229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cvs:cvs:1.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7B66BE64-E340-4777-B877-483FEAA66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C496B665-70DA-4B98-A5D1-E2935C0CE840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F098C1-D09E-49B4-9B51-E84B6C4EA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34797660-41F5-4358-B70F-2A40DE48F182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4054D69F-596F-4EB4-BE9A-E2478343F55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA26ABBE-9973-45FA-9E9B-82170B751219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7891202C-62AF-4590-9E5F-3514FDA2B38E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8F9B2F-E898-4F87-A245-32A41748587B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "183667CA-6DF1-4BFB-AE32-9ABF55B7283A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDDEC3F-52EB-4E1E-84C4-B472600059EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B58E02AE-38B4-466E-BF73-2F0B80AF7BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3928D5CF-6FC0-434C-8A80-ABDBF346C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "314BA420-4C74-4060-8ACE-D7A7C041CF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAD7613-A5B3-4621-B981-290C7C6B8BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CA3337-9BEE-49C5-9EDE-8CDBE5580537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE38C50A-81FE-412E-9717-3672FAE6A6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A0A3F7B6-2878-40C0-B59C-EBA8D171D2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "263F3734-7076-4EA8-B4C0-F37CFC4E979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0419DD66-FF66-48BC-AD3B-F6AFD0551E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3518628-08E5-4AD7-AAF6-A4E38F1CDE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B982342C-1981-4C55-8044-AFE4D87623DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47E02BE6-4800-4940-B269-385B66AC5077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "0EB09993-B837-4352-B09D-3656F62638A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C283AD7-1C58-4CE8-A6CD-502FFE0B18BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0361EA35-FBD7-4E8F-8625-C8100ED7BB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "29EAA113-2404-4ABB-826B-3AA2AA858D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E3F7EB61-55A5-4776-B0E7-3508920A6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A442DE97-4485-4D95-B95D-58947585E455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE31DFF8-06AB-489D-A0C5-509C090283B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"matchCriteriaId": "1E8A6564-129A-4555-A5ED-6F65C56AE7B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "237174A4-E030-4A0B-AD0B-5C463603EAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"matchCriteriaId": "5D7F8F11-1869-40E2-8478-28B4E946D3CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"matchCriteriaId": "9062BAB5-D437-49BE-A384-39F62434B70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*",
"matchCriteriaId": "3BA1504C-14FE-4C21-A801-944041F2946F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"matchCriteriaId": "21B69535-4FB6-4FAD-AAA6-C790FF82EFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"matchCriteriaId": "6E53C673-9D6D-42C8-A502-033E1FC28D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*",
"matchCriteriaId": "6F4AC452-6042-409D-8673-ACAD108EE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"matchCriteriaId": "2FE1009B-371A-48E2-A456-935A1F0B7D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"matchCriteriaId": "C844A170-B5A7-4703-AF3B-67366D44EA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"matchCriteriaId": "3D41CB12-7894-4D25-80EC-23C56171D973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*",
"matchCriteriaId": "9BCD9C12-EDAB-473F-9CC5-04F06B413720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*",
"matchCriteriaId": "58EBC5C8-5CA8-4881-A036-179FDEBA3CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "09789843-6A1A-4CDB-97E8-89E82B79DDB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"matchCriteriaId": "118211EF-CED7-4EB5-9669-F54C8169D4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*",
"matchCriteriaId": "58288F0F-B4CE-445C-AD93-DA73E3AD6FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*",
"matchCriteriaId": "CC96FBA9-6A65-4CC7-BE68-ADAF450ABE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"matchCriteriaId": "9A405AE2-ECC4-4BB0-80DD-4736394FB217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4AD26-6AF2-4F3A-B602-F231FAABA73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"matchCriteriaId": "E5612FB0-8403-4A7E-B89A-D7BDFAC00078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*",
"matchCriteriaId": "FA699BB4-94AA-40E6-A6B6-33E3D416CDA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*",
"matchCriteriaId": "AFDA151E-E614-4A24-A34D-B6D5309110CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"matchCriteriaId": "A7818E11-1BEB-4DAA-BA7A-A278454BA4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "09BFA20B-2F31-4246-8F74-63DF1DB884EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*",
"matchCriteriaId": "5F3B4BA2-8A61-4F9A-8E46-7FA80E7F5514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "4AE93D3D-34B4-47B7-A784-61F4479FF5A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*",
"matchCriteriaId": "E6288144-0CD7-45B6-B5A7-09B1DF14FBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD9D1C-A459-47AD-BC62-15631417A32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*",
"matchCriteriaId": "4ECDEC87-0132-46B6-BD9B-A94F9B669EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*",
"matchCriteriaId": "43E84296-9B5C-4623-A2C4-431D76FC2765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3B13D898-C1B6-44B9-8432-7DDB8A380E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*",
"matchCriteriaId": "51A612F6-E4EB-4E34-8F55-79E16C74758E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "5C19B266-8FE7-49ED-8678-2D522257491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "15C4D826-A419-45F5-B91C-1445DB480916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*",
"matchCriteriaId": "FEC7B38F-C6FB-4213-AE18-2D039A4D8E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "8E4BC012-ADE4-468F-9A25-261CD8055694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*",
"matchCriteriaId": "0370727F-1E37-4B82-8969-A2AC644632E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
],
"evaluatorImpact": "Failed exploit attempts will likely cause a denial of service condition.",
"id": "CVE-2004-1471",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2002-0092 (GCVE-0-2002-0092)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/4234 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=vuln-dev&m=101422243817321&w=2 | mailing-list, x_refsource_VULN-DEV | |
| http://marc.info/?l=vuln-dev&m=101433077724524&w=2 | mailing-list, x_refsource_VULN-DEV | |
| http://www.redhat.com/support/errata/RHSA-2002-026.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/8366.php | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2002/dsa-117 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4234"
},
{
"name": "20020220 Help needed with bufferoverflow in cvs",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=101422243817321\u0026w=2"
},
{
"name": "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=101433077724524\u0026w=2"
},
{
"name": "RHSA-2002:026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
},
{
"name": "cvs-global-var-dos(8366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8366.php"
},
{
"name": "DSA-117",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4234"
},
{
"name": "20020220 Help needed with bufferoverflow in cvs",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=101422243817321\u0026w=2"
},
{
"name": "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=101433077724524\u0026w=2"
},
{
"name": "RHSA-2002:026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
},
{
"name": "cvs-global-var-dos(8366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8366.php"
},
{
"name": "DSA-117",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4234"
},
{
"name": "20020220 Help needed with bufferoverflow in cvs",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev\u0026m=101422243817321\u0026w=2"
},
{
"name": "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev\u0026m=101433077724524\u0026w=2"
},
{
"name": "RHSA-2002:026",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
},
{
"name": "cvs-global-var-dos(8366)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8366.php"
},
{
"name": "DSA-117",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0092",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-08T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1471 (GCVE-0-2004-1471)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.e-matters.de/advisories/092004.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/10499 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16365 | vdb-entry, x_refsource_XF | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1471",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0680 (GCVE-0-2000-0680)
Vulnerability from cvelistv5
Published
2000-09-21 04:00
Modified
2024-08-08 05:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1524 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:40.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000728 cvs security problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"name": "1524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000728 cvs security problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"name": "1524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000728 cvs security problem",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"name": "1524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0680",
"datePublished": "2000-09-21T04:00:00",
"dateReserved": "2000-09-19T00:00:00",
"dateUpdated": "2024-08-08T05:28:40.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0416 (GCVE-0-2004-0416)
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:10070",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:994",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:10070",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:994",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:10070",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070"
},
{
"name": "RHSA-2004:233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:994",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0416",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0396 (GCVE-0-2004-0396)
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11641"
},
{
"name": "11652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11652"
},
{
"name": "oval:org.mitre.oval:def:970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
},
{
"name": "20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:9058",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"name": "MDKSA-2004:048",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"name": "20040520 cvs server buffer overflow vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"name": "FreeBSD-SA-04:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"name": "RHSA-2004:190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"name": "11674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11674"
},
{
"name": "GLSA-200405-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"name": "11651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11651"
},
{
"name": "6305",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6305"
},
{
"name": "TA04-147A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"name": "O-147",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"name": "11647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11647"
},
{
"name": "FEDORA-2004-1620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"name": "VU#192038",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"name": "DSA-505",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"name": "cvs-entry-line-bo(16193)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"name": "SSA:2004-140-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"name": "NetBSD-SA2004-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"name": "10384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10384"
},
{
"name": "SuSE-SA:2004:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11641"
},
{
"name": "11652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11652"
},
{
"name": "oval:org.mitre.oval:def:970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
},
{
"name": "20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:9058",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"name": "MDKSA-2004:048",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"name": "20040520 cvs server buffer overflow vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"name": "FreeBSD-SA-04:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"name": "RHSA-2004:190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"name": "11674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11674"
},
{
"name": "GLSA-200405-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"name": "11651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11651"
},
{
"name": "6305",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6305"
},
{
"name": "TA04-147A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"name": "O-147",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"name": "11647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11647"
},
{
"name": "FEDORA-2004-1620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"name": "VU#192038",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"name": "DSA-505",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"name": "cvs-entry-line-bo(16193)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"name": "SSA:2004-140-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"name": "NetBSD-SA2004-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"name": "10384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10384"
},
{
"name": "SuSE-SA:2004:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11641"
},
{
"name": "11652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11652"
},
{
"name": "oval:org.mitre.oval:def:970",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970"
},
{
"name": "20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108500040719512\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:9058",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058"
},
{
"name": "MDKSA-2004:048",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:048"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html"
},
{
"name": "20040520 cvs server buffer overflow vulnerability",
"refsource": "OPENBSD",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=108508894405639\u0026w=2"
},
{
"name": "FreeBSD-SA-04:10",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc"
},
{
"name": "RHSA-2004:190",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-190.html"
},
{
"name": "11674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11674"
},
{
"name": "GLSA-200405-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-12.xml"
},
{
"name": "11651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11651"
},
{
"name": "6305",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6305"
},
{
"name": "TA04-147A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-147A.html"
},
{
"name": "O-147",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-147.shtml"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108498454829020\u0026w=2"
},
{
"name": "11647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11647"
},
{
"name": "FEDORA-2004-1620",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"name": "VU#192038",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/192038"
},
{
"name": "20040519 Advisory 07/2004: CVS remote vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html"
},
{
"name": "DSA-505",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-505"
},
{
"name": "cvs-entry-line-bo(16193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16193"
},
{
"name": "http://security.e-matters.de/advisories/072004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/072004.html"
},
{
"name": "SSA:2004-140-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.395865"
},
{
"name": "NetBSD-SA2004-008",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc"
},
{
"name": "10384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10384"
},
{
"name": "SuSE-SA:2004:013",
"refsource": "SUSE",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0396",
"datePublished": "2004-05-20T04:00:00",
"dateReserved": "2004-04-13T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0977 (GCVE-0-2003-0977)
Vulnerability from cvelistv5
Published
2003-12-10 05:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:855",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
},
{
"name": "MDKSA-2003:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
},
{
"name": "oval:org.mitre.oval:def:866",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
},
{
"name": "DSA-422",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-422"
},
{
"name": "RHSA-2004:003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
},
{
"name": "10601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10601"
},
{
"name": "oval:org.mitre.oval:def:11528",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
},
{
"name": "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
},
{
"name": "20040103-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
},
{
"name": "CLA-2004:808",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
},
{
"name": "RHSA-2004:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
},
{
"name": "cvs-module-file-manipulation(13929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:855",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
},
{
"name": "MDKSA-2003:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
},
{
"name": "oval:org.mitre.oval:def:866",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
},
{
"name": "DSA-422",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-422"
},
{
"name": "RHSA-2004:003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
},
{
"name": "10601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10601"
},
{
"name": "oval:org.mitre.oval:def:11528",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
},
{
"name": "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
},
{
"name": "20040103-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
},
{
"name": "CLA-2004:808",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
},
{
"name": "RHSA-2004:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
},
{
"name": "cvs-module-file-manipulation(13929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
},
{
"name": "20040202-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
},
{
"name": "MDKSA-2003:112",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
},
{
"name": "oval:org.mitre.oval:def:866",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
},
{
"name": "DSA-422",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-422"
},
{
"name": "RHSA-2004:003",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
},
{
"name": "10601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10601"
},
{
"name": "oval:org.mitre.oval:def:11528",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
},
{
"name": "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
},
{
"name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1",
"refsource": "CONFIRM",
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
},
{
"name": "20040103-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
},
{
"name": "CLA-2004:808",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
},
{
"name": "RHSA-2004:004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
},
{
"name": "cvs-module-file-manipulation(13929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0977",
"datePublished": "2003-12-10T05:00:00",
"dateReserved": "2003-12-09T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2693 (GCVE-0-2005-2693)
Vulnerability from cvelistv5
Published
2005-08-25 04:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/1667 | vdb-entry, x_refsource_VUPEN | |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366 | x_refsource_CONFIRM | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.redhat.com/support/errata/RHSA-2005-756.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/16765 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1014857 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2005/dsa-802 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2005/dsa-806 | vendor-advisory, x_refsource_DEBIAN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-1667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2005-1667",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2693",
"datePublished": "2005-08-25T04:00:00",
"dateReserved": "2005-08-25T00:00:00",
"dateUpdated": "2024-08-07T22:45:01.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0015 (GCVE-0-2003-0015)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:012",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
"refsource": "CONFIRM",
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"name": "http://security.e-matters.de/advisories/012003.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0015",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-01-07T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0804 (GCVE-0-2012-0804)
Vulnerability from cvelistv5
Published
2012-05-29 20:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"name": "1026719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026719"
},
{
"name": "48150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48150"
},
{
"name": "cvs-proxyconnect-bo(73097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"name": "RHSA-2012:0321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"name": "MDVSA-2012:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"name": "78987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78987"
},
{
"name": "48142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48142"
},
{
"name": "USN-1371-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"name": "47869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47869"
},
{
"name": "GLSA-201701-44",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"name": "DSA-2407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"name": "51943",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51943"
},
{
"name": "48063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2012:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html"
},
{
"name": "1026719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026719"
},
{
"name": "48150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48150"
},
{
"name": "cvs-proxyconnect-bo(73097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73097"
},
{
"name": "RHSA-2012:0321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0321.html"
},
{
"name": "MDVSA-2012:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:044"
},
{
"name": "78987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78987"
},
{
"name": "48142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48142"
},
{
"name": "USN-1371-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1371-1"
},
{
"name": "47869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47869"
},
{
"name": "GLSA-201701-44",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=784141"
},
{
"name": "DSA-2407",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2407"
},
{
"name": "51943",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51943"
},
{
"name": "48063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48063"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0804",
"datePublished": "2012-05-29T20:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0679 (GCVE-0-2000-0679)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1523 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000728 cvs security problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"name": "1523",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000728 cvs security problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"name": "1523",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000728 cvs security problem",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org"
},
{
"name": "1523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0679",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-09-19T00:00:00",
"dateUpdated": "2024-08-08T05:28:41.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0753 (GCVE-0-2005-0753)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.gentoo.org/attachment.cgi?id=54352&action=view | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-742 | vendor-advisory, x_refsource_DEBIAN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20148 | vdb-entry, x_refsource_XF | |
| http://www.novell.com/linux/security/advisories/2005_24_cvs.html | vendor-advisory, x_refsource_SUSE | |
| http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/14976/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2005-387.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:27.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"name": "DSA-742",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"name": "oval:org.mitre.oval:def:9688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"name": "cvs-bo(20148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"name": "SUSE-SA:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=54352\u0026action=view"
},
{
"name": "DSA-742",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-742"
},
{
"name": "oval:org.mitre.oval:def:9688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
},
{
"name": "cvs-bo(20148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
},
{
"name": "SUSE-SA:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0753",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-03-17T00:00:00",
"dateUpdated": "2024-08-07T21:28:27.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0417 (GCVE-0-2004-0417)
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.debian.org/security/2004/dsa-519 | vendor-advisory, x_refsource_DEBIAN | |
| http://security.e-matters.de/advisories/092004.html | x_refsource_MISC | |
| ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc | vendor-advisory, x_refsource_SGI | |
| http://marc.info/?l=bugtraq&m=108716553923643&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2004-233.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:058 | vendor-advisory, x_refsource_MANDRAKE | |
| http://security.gentoo.org/glsa/glsa-200406-06.xml | vendor-advisory, x_refsource_GENTOO | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001 | vdb-entry, signature, x_refsource_OVAL | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11145",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
},
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "oval:org.mitre.oval:def:1001",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11145",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
},
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "oval:org.mitre.oval:def:1001",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11145",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145"
},
{
"name": "DSA-519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "oval:org.mitre.oval:def:1001",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0417",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0405 (GCVE-0-2004-0405)
Vulnerability from cvelistv5
Published
2004-04-17 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15891 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2004/dsa-486 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 | vendor-advisory, x_refsource_SLACKWARE | |
| ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | vendor-advisory, x_refsource_SGI | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://security.gentoo.org/glsa/glsa-200404-13.xml | vendor-advisory, x_refsource_GENTOO | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818 | vdb-entry, signature, x_refsource_OVAL | |
| http://marc.info/?l=bugtraq&m=108636445031613&w=2 | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1060",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060"
},
{
"name": "cvs-dotdot-directory-traversal(15891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891"
},
{
"name": "DSA-486",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"name": "SSA:2004-108-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "FreeBSD-SA-04:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"name": "GLSA-200404-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"name": "oval:org.mitre.oval:def:10818",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818"
},
{
"name": "FEDORA-2004-1620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1060",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060"
},
{
"name": "cvs-dotdot-directory-traversal(15891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891"
},
{
"name": "DSA-486",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"name": "SSA:2004-108-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "FreeBSD-SA-04:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"name": "GLSA-200404-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"name": "oval:org.mitre.oval:def:10818",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818"
},
{
"name": "FEDORA-2004-1620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1060",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060"
},
{
"name": "cvs-dotdot-directory-traversal(15891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15891"
},
{
"name": "DSA-486",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"name": "SSA:2004-108-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"name": "20040404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "FreeBSD-SA-04:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"name": "GLSA-200404-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"name": "oval:org.mitre.oval:def:10818",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818"
},
{
"name": "FEDORA-2004-1620",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0405",
"datePublished": "2004-04-17T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0414 (GCVE-0-2004-0414)
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10575",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "DSA-517",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"name": "oval:org.mitre.oval:def:993",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10575",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "DSA-517",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"name": "oval:org.mitre.oval:def:993",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10575",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575"
},
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "DSA-517",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-517"
},
{
"name": "oval:org.mitre.oval:def:993",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0414",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0180 (GCVE-0-2004-0180)
Vulnerability from cvelistv5
Published
2004-04-16 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11548"
},
{
"name": "oval:org.mitre.oval:def:1042",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042"
},
{
"name": "oval:org.mitre.oval:def:9462",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462"
},
{
"name": "11400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11400"
},
{
"name": "11375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11375"
},
{
"name": "DSA-486",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"name": "MDKSA-2004:028",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028"
},
{
"name": "11368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11368"
},
{
"name": "11380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11380"
},
{
"name": "cvs-rcs-create-files(15864)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"
},
{
"name": "SSA:2004-108-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "FreeBSD-SA-04:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"name": "11374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11374"
},
{
"name": "11377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11377"
},
{
"name": "GLSA-200404-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"name": "11371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11371"
},
{
"name": "RHSA-2004:153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-153.html"
},
{
"name": "FEDORA-2004-1620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"name": "11405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11405"
},
{
"name": "RHSA-2004:154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-154.html"
},
{
"name": "11391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11548"
},
{
"name": "oval:org.mitre.oval:def:1042",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042"
},
{
"name": "oval:org.mitre.oval:def:9462",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462"
},
{
"name": "11400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11400"
},
{
"name": "11375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11375"
},
{
"name": "DSA-486",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"name": "MDKSA-2004:028",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028"
},
{
"name": "11368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11368"
},
{
"name": "11380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11380"
},
{
"name": "cvs-rcs-create-files(15864)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"
},
{
"name": "SSA:2004-108-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "FreeBSD-SA-04:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"name": "11374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11374"
},
{
"name": "11377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11377"
},
{
"name": "GLSA-200404-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"name": "11371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11371"
},
{
"name": "RHSA-2004:153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-153.html"
},
{
"name": "FEDORA-2004-1620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"name": "11405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11405"
},
{
"name": "RHSA-2004:154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-154.html"
},
{
"name": "11391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11548"
},
{
"name": "oval:org.mitre.oval:def:1042",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042"
},
{
"name": "oval:org.mitre.oval:def:9462",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462"
},
{
"name": "11400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11400"
},
{
"name": "11375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11375"
},
{
"name": "DSA-486",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-486"
},
{
"name": "MDKSA-2004:028",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028"
},
{
"name": "11368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11368"
},
{
"name": "11380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11380"
},
{
"name": "cvs-rcs-create-files(15864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"
},
{
"name": "SSA:2004-108-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.400181"
},
{
"name": "20040404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "FreeBSD-SA-04:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc"
},
{
"name": "11374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11374"
},
{
"name": "11377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11377"
},
{
"name": "GLSA-200404-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-13.xml"
},
{
"name": "11371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11371"
},
{
"name": "RHSA-2004:153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-153.html"
},
{
"name": "FEDORA-2004-1620",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq\u0026m=108636445031613\u0026w=2"
},
{
"name": "11405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11405"
},
{
"name": "RHSA-2004:154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-154.html"
},
{
"name": "11391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0180",
"datePublished": "2004-04-16T04:00:00",
"dateReserved": "2004-02-25T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1342 (GCVE-0-2004-1342)
Vulnerability from cvelistv5
Published
2005-04-27 04:00
Modified
2024-09-16 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2005/dsa-715 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-27T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1342",
"datePublished": "2005-04-27T04:00:00Z",
"dateReserved": "2005-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:47.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0418 (GCVE-0-2004-0418)
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-519"
},
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "oval:org.mitre.oval:def:11242",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:1003",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003"
},
{
"name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108716553923643\u0026w=2"
},
{
"name": "RHSA-2004:233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-233.html"
},
{
"name": "MDKSA-2004:058",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058"
},
{
"name": "GLSA-200406-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-06.xml"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0418",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-04-16T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1343 (GCVE-0-2004-1343)
Vulnerability from cvelistv5
Published
2005-04-27 04:00
Modified
2024-09-17 02:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2005/dsa-715 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-27T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1343",
"datePublished": "2005-04-27T04:00:00Z",
"dateReserved": "2005-01-06T00:00:00Z",
"dateUpdated": "2024-09-17T02:01:39.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201011-0260
Vulnerability from variot
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. A local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file. Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta: http://secunia.com/products/corporate/vim/
TITLE: CVS Delta Fragment Array Indexing Vulnerability
SECUNIA ADVISORY ID: SA41079
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41079
RELEASE DATE: 2010-10-29
DISCUSS ADVISORY: http://secunia.com/advisories/41079/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41079/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41079
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in CVS, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is reported in version 1.11.23. Other versions may also be affected.
SOLUTION: Fixed in the CVS repository.
PROVIDED AND/OR DISCOVERED BY: Red Hat credits Ralph Loader
ORIGINAL ADVISORY: CVS: http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev
Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=642146
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
For more information: SA41079
SOLUTION: Apply updated packages via the yum utility ("yum update cvs")
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201011-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cvs",
"scope": "eq",
"trust": 1.7,
"vendor": "cvs",
"version": "1.11.23"
},
{
"model": "cvs",
"scope": "eq",
"trust": 1.6,
"vendor": "nongnu",
"version": "1.11.23"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cvs:cvs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jan Lieskovsky",
"sources": [
{
"db": "BID",
"id": "44528"
}
],
"trust": 0.3
},
"cve": "CVE-2010-3846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2010-3846",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-3846",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-3846",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201011-046",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. \nA local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file. \nSuccessful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nCVS Delta Fragment Array Indexing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41079\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41079/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41079\n\nRELEASE DATE:\n2010-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41079/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41079/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41079\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in CVS, which can be exploited by\nmalicious, local users to gain escalated privileges. \n\nThe vulnerability is reported in version 1.11.23. Other versions may\nalso be affected. \n\nSOLUTION:\nFixed in the CVS repository. \n\nPROVIDED AND/OR DISCOVERED BY:\nRed Hat credits Ralph Loader\n\nORIGINAL ADVISORY:\nCVS:\nhttp://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65\u0026r2=1.262.4.66\u0026sortby=rev\n\nRed Hat:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=642146\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes a vulnerability,\nwhich can be exploited by malicious, local users to gain escalated\nprivileges. \n\nFor more information:\nSA41079\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update cvs\")",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3846"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3846",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "41079",
"trust": 3.1
},
{
"db": "BID",
"id": "44528",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "42409",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1024795",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-2845",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-3080",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "68952",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "42041",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2869",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-2846",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-2899",
"trust": 1.6
},
{
"db": "XF",
"id": "62858",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-2595",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "95293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96222",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95295",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"id": "VAR-201011-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
}
]
},
"last_update_date": "2024-11-23T22:59:57.490000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://savannah.nongnu.org/projects/cvs/"
},
{
"title": "RHSA-2010:0918",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0918.html"
},
{
"title": "Patch for CVS Delta Fragment Array Indexing Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/1552"
},
{
"title": "FreeBSD CVSweb Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.osvdb.org/68952"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/41079"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/42409"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/44528"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1024795"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/2845"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/3080"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642146"
},
{
"trust": 1.7,
"url": "http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65\u0026r2=1.262.4.66\u0026sortby=rev"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/050090.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2899"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0918.html"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050287.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2846"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050212.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2869"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/42041"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62858"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3846"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/62858"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3846"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/41079/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0918"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2010-3846"
},
{
"trust": 0.3,
"url": "http://www.cvshome.org/eng/"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41079/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41079"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0918.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42409/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42409"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42409/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42041/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42041/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"db": "BID",
"id": "44528"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"date": "2010-10-28T00:00:00",
"db": "BID",
"id": "44528"
},
{
"date": "2010-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"date": "2010-11-01T01:34:47",
"db": "PACKETSTORM",
"id": "95293"
},
{
"date": "2010-11-30T05:50:29",
"db": "PACKETSTORM",
"id": "96222"
},
{
"date": "2010-11-01T01:34:52",
"db": "PACKETSTORM",
"id": "95295"
},
{
"date": "2010-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"date": "2010-11-05T17:00:02.530000",
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2595"
},
{
"date": "2015-04-13T21:59:00",
"db": "BID",
"id": "44528"
},
{
"date": "2010-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002534"
},
{
"date": "2023-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-046"
},
{
"date": "2024-11-21T01:19:44.607000",
"db": "NVD",
"id": "CVE-2010-3846"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "95293"
},
{
"db": "PACKETSTORM",
"id": "96222"
},
{
"db": "PACKETSTORM",
"id": "95295"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVS of rcs.c Is in apply_rcs_change Elevation of privilege vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-046"
}
],
"trust": 0.6
}
}