Page 3 of 13 results (0.011 seconds)

CVSS: 10.0EPSS: 93%CPEs: 29EXPL: 1

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/392 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 76%CPEs: 29EXPL: 0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente líneas de datos vacías, lo que puede permitir a atacantes remotos realizar una escritura "fuera de límites" en un solo byte para ejecutar código arbitrario o modificar datos críticos del programa. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www.mandriva.com/security/advisories?name=MDKSA-2004: •

CVSS: 7.5EPSS: 96%CPEs: 2EXPL: 2

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines. Desbordamiento basado en la pila en CVS 1.11.X a 1.11.5 y 1.12. a 1.12.7, cuando se usa el mecanismo pserver, permite a atacantes remotos ejecutar código arbitrario mediante lineas de Entradas. • https://www.exploit-db.com/exploits/300 https://www.exploit-db.com/exploits/301 ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html http://marc.info/?l=bugtraq& •