Page 3 of 21 results (0.008 seconds)

CVSS: 10.0EPSS: 93%CPEs: 29EXPL: 1

CVE-2004-0416 – Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution

https://notcve.org/view.php?id=CVE-2004-0416

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/392 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 76%CPEs: 29EXPL: 0

CVE-2004-0418

https://notcve.org/view.php?id=CVE-2004-0418

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente líneas de datos vacías, lo que puede permitir a atacantes remotos realizar una escritura "fuera de límites" en un solo byte para ejecutar código arbitrario o modificar datos críticos del programa. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www.mandriva.com/security/advisories?name=MDKSA-2004: •

CVSS: 7.5EPSS: 96%CPEs: 2EXPL: 2

CVE-2004-0396 – CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow

https://notcve.org/view.php?id=CVE-2004-0396

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines. Desbordamiento basado en la pila en CVS 1.11.X a 1.11.5 y 1.12. a 1.12.7, cuando se usa el mecanismo pserver, permite a atacantes remotos ejecutar código arbitrario mediante lineas de Entradas. • https://www.exploit-db.com/exploits/300 https://www.exploit-db.com/exploits/301 ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html http://marc.info/?l=bugtraq& •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2004-0405

https://notcve.org/view.php?id=CVE-2004-0405

CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://marc.info/?l=bugtraq&m=108636445031613&w=2 http://security.gentoo.org/glsa/glsa-200404-13.xml http://www.debian.org/security/2004/dsa-486 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 https://exchange.xforce.ibmcloud.com/vulnerabilities/15891 https://oval.cisecurity.org •

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0

CVE-2004-0180

https://notcve.org/view.php?id=CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://marc.info/?l=bugtraq&m=108636445031613&w=2 http://secunia.com/advisories/11368 http://secunia.com/advisories/11371 http://secunia.com/advisories/11374 http://secunia.com/advisories/11375 http://secunia.com/advisories/11377 http://secunia.com/ •