CVE-2004-1951
published 2004-12-31CVE-2004-1951: xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1)…
PriorityP433medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
8.10%
94.1th percentile
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xine-ui | < xine-ui 0.99.1 (bookworm) | xine-ui 0.99.1 (bookworm) |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2004-1951: xine-ui - xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.2...
vendor_debian·2004·CVSS 5.0
CVE-2004-1951 [MEDIUM] CVE-2004-1951: xine-ui - xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.2...
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Scope: local
bookworm: resolved (fixed in 0.99.1)
bullseye: resolved (fixed in 0.99.1)
forky: resolved (fixed in 0.99.1)
sid: resolved (fixed in 0.99.1)
trixie: resolved (fixed in 0.99.1)
GHSA
GHSA-w95m-6gwv-7rhp: xine 1
ghsa_unreviewed·2022-04-29
CVE-2004-1951 [MEDIUM] GHSA-w95m-6gwv-7rhp: xine 1
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
OSV
CVE-2004-1951: xine 1
osv·2004-12-31·CVSS 5.0
CVE-2004-1951 [MEDIUM] CVE-2004-1951: xine 1
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
No detection rules found.
http://secunia.com/advisories/11433http://security.gentoo.org/glsa/glsa-200404-20.xmlhttp://www.osvdb.org/5594http://www.osvdb.org/5739http://www.securityfocus.com/bid/10193http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791http://www.xinehq.de/index.php/security/XSA-2004-1http://www.xinehq.de/index.php/security/XSA-2004-2https://exchange.xforce.ibmcloud.com/vulnerabilities/15939http://secunia.com/advisories/11433http://security.gentoo.org/glsa/glsa-200404-20.xmlhttp://www.osvdb.org/5594http://www.osvdb.org/5739http://www.securityfocus.com/bid/10193http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791http://www.xinehq.de/index.php/security/XSA-2004-1http://www.xinehq.de/index.php/security/XSA-2004-2https://exchange.xforce.ibmcloud.com/vulnerabilities/15939
2004-12-31
Published