Cfengine
Products
4- 3 CVEs
- 2 CVEs
- 1 CVE
- 0 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36756 | Med | 0.42 | 6.5 | 0.00 | Oct 27, 2021 | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. | ||
| CVE-2021-38379 | Med | 0.36 | 5.5 | 0.00 | Oct 27, 2021 | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. | ||
| CVE-2004-1701 | 0.05 | — | 0.20 | Aug 9, 2004 | Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication. | |||
| CVE-2005-2960 | 0.00 | — | 0.00 | Oct 5, 2005 | cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||
| CVE-2004-1702 | 0.00 | — | 0.02 | Aug 9, 2004 | The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of… |
- risk 0.42cvss 6.5epss 0.00
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
- risk 0.36cvss 5.5epss 0.00
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.
- CVE-2004-1701Aug 9, 2004risk 0.05cvss —epss 0.20
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
- CVE-2005-2960Oct 5, 2005risk 0.00cvss —epss 0.00
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
- CVE-2004-1702Aug 9, 2004risk 0.00cvss —epss 0.02
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of…