Cfengine
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55958 | Med | 0.31 | 4.8 | 0.00 | Jan 21, 2025 | Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6. | ||
| CVE-2004-1701 | 0.08 | — | 0.57 | Aug 9, 2004 | Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication. | |||
| CVE-2003-0849 | 0.04 | — | 0.08 | Nov 17, 2003 | Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. | |||
| CVE-2005-3137 | 0.00 | — | 0.00 | Oct 5, 2005 | The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | |||
| CVE-1999-0374 | 0.00 | — | 0.00 | Feb 16, 1999 | Debian GNU/Linux cfengine package is susceptible to a symlink attack. |
- risk 0.31cvss 4.8epss 0.00
Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.
- CVE-2004-1701Aug 9, 2004risk 0.08cvss —epss 0.57
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
- CVE-2003-0849Nov 17, 2003risk 0.04cvss —epss 0.08
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
- CVE-2005-3137Oct 5, 2005risk 0.00cvss —epss 0.00
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
- CVE-1999-0374Feb 16, 1999risk 0.00cvss —epss 0.00
Debian GNU/Linux cfengine package is susceptible to a symlink attack.