Every CVE whose affected-product data names Gnu Cfengine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2000-0947 — CVSS 10.0 (critical): Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format…
CVE-2004-1701 — CVSS 10.0 (critical): Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to…
CVE-2003-0849 — CVSS 7.5 (high): Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified…
CVE-2004-1702 — CVSS 5.0 (medium): The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the…
CVE-2005-2960 — CVSS 2.1 (low): cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a…
CVE-2005-3137 — CVSS 2.1 (low): The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on…