CVE-2004-1185

8 documents8 sources

Severity

7.5HIGH

EPSS

7.4%

top 8.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 21

Latest updateApr 29

Description

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

▶Debianenscript< 1.6.4-6+3

▶NVDgnu/enscript7 versions+6

GHSA

GHSA-8xcw-4f7q-cw3g: Enscript 1↗2022-04-29

▶

CVEList

CVE-2004-1185: Enscript 1↗2005-01-29

▶

OSV

CVE-2004-1185: Enscript 1↗2005-01-21

▶

Ubuntu

enscript vulnerabilities↗2005-01-24

▶

Red Hat

security flaw↗2005-01-20

▶

Debian

CVE-2004-1185: enscript - Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or loc...↗2004

▶

Bugzilla

CVE-2004-1185 security flaw↗2018-08-16

▶