Vulnerabilities > Openpkg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1471 | Multiple vulnerability in CVS Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | 7.1 |
| 2004-11-23 | CVE-2004-0333 | Buffer Overrun vulnerability in UUDeview MIME Archive Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. | 10.0 |
| 2004-10-20 | CVE-2004-0772 | Double Free vulnerability in multiple products Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | 9.8 |
| 2004-10-07 | CVE-2005-0373 | Remote And Local vulnerability in Cyrus SASL Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | 7.5 |
| 2004-08-06 | CVE-2004-0418 | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | 10.0 |
| 2004-08-06 | CVE-2004-0417 | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | 5.0 |
| 2004-08-06 | CVE-2004-0416 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | 10.0 |
| 2004-08-06 | CVE-2004-0414 | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | 10.0 |
| 2004-08-06 | CVE-2004-0413 | Remote Integer Overflow vulnerability in Subversion SVN Protocol Parser libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow. | 10.0 |
| 2004-05-05 | CVE-2004-1997 | Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. | 4.6 |