CVSS: 7.1EPSS: 1%CPEs: 111EXPL: 1CVE-2004-1471 – CVS 1.11.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://security.e-matters.de/advisories/092004.html http://www.securityfocus.com/bid/10499 https://exchange.xforce.ibmcloud.com/vulnerabilities/16365 •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2004-1343
https://notcve.org/view.php?id=CVE-2004-1343
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). • http://www.debian.org/security/2005/dsa-715 •
CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 0CVE-2004-0778
https://notcve.org/view.php?id=CVE-2004-0778
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. CVS 1.11.x anteriores a 1.11.17 y 1.12.x anteriores a 1.12.9 permite a atacantes remotos determinar la existencia de ficheros y directorios de su elección mediante el comando -X de un fichero de historia alternativo, lo que hace que devuelve diferentes mensajes de error. • http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities http://www.kb.cert.org/vuls/id/579225 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108 http://www.securityfocus.com/bid/10955 https://exchange.xforce.ibmcloud.com/vulnerabilities/17001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688 https://access.redhat.com/security/cve/CVE-2004-0778 https://bugzilla.redhat.com/show_bug.cgi?id=1617282 • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 1%CPEs: 29EXPL: 0CVE-2004-0414
https://notcve.org/view.php?id=CVE-2004-0414
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas "Entry" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejecución de código arbitrario. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-517 http://www.mandriva.com/security/advisories?name=MDKSA-2004: •
CVSS: 10.0EPSS: 93%CPEs: 29EXPL: 1CVE-2004-0416 – Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2004-0416
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/392 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •