Page 2 of 9 results (0.001 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://marc.info/?l=bugtraq&m=108636445031613&w=2 http://security.gentoo.org/glsa/glsa-200404-13.xml http://www.debian.org/security/2004/dsa-486 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 https://exchange.xforce.ibmcloud.com/vulnerabilities/15891 https://oval.cisecurity.org •

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://marc.info/?l=bugtraq&m=108636445031613&w=2 http://secunia.com/advisories/11368 http://secunia.com/advisories/11371 http://secunia.com/advisories/11374 http://secunia.com/advisories/11375 http://secunia.com/advisories/11377 http://secunia.com/ •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html http://marc.info/?l=bugtraq&m=102233767925177&w=2 http://www.redhat.com/support/errata/RHSA-2004-004.html http://www.securityfocus.com/bid/4829 https://exchange.xforce.ibmcloud.com/vulnerabilities/9175 https://access.redhat.com/security/cve/CVE-2002-0844 https://bugzilla&# • CWE-193: Off-by-one Error •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. CVS anteriores a 1.10.8 no inicializa adecudamente una variable global, lo que permite a atacantes remotos causar una denegación de servicio (caída del servidor) mediante la capacidad diff. • http://marc.info/?l=vuln-dev&m=101422243817321&w=2 http://marc.info/?l=vuln-dev&m=101433077724524&w=2 http://www.debian.org/security/2002/dsa-117 http://www.iss.net/security_center/static/8366.php http://www.redhat.com/support/errata/RHSA-2002-026.html http://www.securityfocus.com/bid/4234 https://access.redhat.com/security/cve/CVE-2002-0092 https://bugzilla.redhat.com/show_bug.cgi?id=1616742 •