Aggregates CVE and security vulnerability intelligence across all samhain_labs-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk input validation, vendor risk buffer overflow, and vendor risk denial of service and related problems; some flaws may lead to vendor impact unexpected behavior.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-4810 | The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input. | [email protected] | 7.5 | 2.56% | 2010-04-23 | 2026-06-16 |
| CVE-2004-2410 | Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference). | [email protected] | 2.1 | 0.36% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2409 | Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code. | [email protected] | 7.2 | 0.53% | 2004-12-31 | 2026-06-16 |
| CVE-2004-0159 | Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | [email protected] | 7.5 | 9.02% | 2004-03-15 | 2026-06-16 |