Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Cygwin
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3323 1 Redhat 1 Cygwin 2024-02-04 7.6 HIGH N/A
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
CVE-2007-6181 1 Redhat 1 Cygwin 2024-02-04 8.5 HIGH N/A
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.