Vulnerabilities > Redhat > Cygwin > 1.5.7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-28 | CVE-2008-3323 | Improper Input Validation vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71 setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package. | 7.6 |
2007-11-30 | CVE-2007-6181 | Buffer Errors vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71 Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. | 8.5 |