Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0452 | 1 Larry Wall | 1 Perl | 2017-10-11 | 2.6 LOW | N/A |
| Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | |||||
| CVE-2004-2259 | 1 Beasts | 1 Vsftpd | 2017-10-11 | 5.0 MEDIUM | N/A |
| vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. | |||||
| CVE-2004-0784 | 1 Rob Flynn | 1 Gaim | 2017-10-11 | 7.5 HIGH | N/A |
| The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. | |||||
| CVE-2005-0402 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. | |||||
| CVE-2005-0403 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.2 HIGH | N/A |
| init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. | |||||
| CVE-2004-1773 | 1 Gnu | 1 Sharutils | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. | |||||
| CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2017-10-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | |||||
| CVE-2004-2479 | 1 National Science Foundation | 1 Squid Web Proxy Cache | 2017-10-11 | 5.0 MEDIUM | N/A |
| Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. | |||||
| CVE-2004-1764 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.2 HIGH | N/A |
| Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors. | |||||
| CVE-2004-1761 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. | |||||
| CVE-2005-0069 | 1 Vim Development Group | 1 Vim | 2017-10-11 | 4.6 MEDIUM | N/A |
| The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0446 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. | |||||
| CVE-2004-1183 | 1 Libtiff | 1 Libtiff | 2017-10-11 | 5.1 MEDIUM | N/A |
| Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2004-0491 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 2.1 LOW | N/A |
| The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit. | |||||
| CVE-2004-0494 | 2 Avaya, Redhat | 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||||
| CVE-2004-0495 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2017-10-11 | 7.2 HIGH | N/A |
| Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | |||||
| CVE-2004-0497 | 7 Conectiva, Gentoo, Linux and 4 more | 9 Linux, Linux, Linux Kernel and 6 more | 2017-10-11 | 2.1 LOW | N/A |
| Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. | |||||
| CVE-2004-0990 | 5 Gd Graphics Library, Gentoo, Openpkg and 2 more | 5 Gdlib, Linux, Openpkg and 2 more | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. | |||||
| CVE-2005-0455 | 1 Realnetworks | 2 Realone Player, Realplayer | 2017-10-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value. | |||||
| CVE-2004-1177 | 1 Gnu | 1 Mailman | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. | |||||
| CVE-2004-0500 | 3 Gentoo, Mandrakesoft, Rob Flynn | 3 Linux, Mandrake Linux, Gaim | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | |||||
| CVE-2004-1165 | 1 Kde | 2 Kdelibs, Konqueror | 2017-10-11 | 7.5 HIGH | N/A |
| Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | |||||
| CVE-2004-0504 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients. | |||||
| CVE-2004-0505 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors. | |||||
| CVE-2004-0506 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference. | |||||
| CVE-2004-0507 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2005-0468 | 1 Ncsa | 1 Telnet | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated. | |||||
| CVE-2004-1145 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. | |||||
| CVE-2004-1144 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges. | |||||
| CVE-2004-1139 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2004-1138 | 1 Vim Development Group | 1 Vim | 2017-10-11 | 7.2 HIGH | N/A |
| VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. | |||||
| CVE-2005-0529 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context. | |||||
| CVE-2005-0469 | 1 Ncsa | 1 Telnet | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. | |||||
| CVE-2004-0519 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | |||||
| CVE-2004-0520 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | |||||
| CVE-2004-0521 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. | |||||
| CVE-2004-1111 | 1 Cisco | 10 7200 Router, 7300 Router, 7500 Router and 7 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. | |||||
| CVE-2005-0180 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 3.6 LOW | N/A |
| Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions. | |||||
| CVE-2004-1072 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. | |||||
| CVE-2004-1071 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | |||||
| CVE-2004-1070 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | |||||
| CVE-2005-0531 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments. | |||||
| CVE-2004-0557 | 4 Conectiva, Gentoo, Redhat and 1 more | 6 Linux, Linux, Enterprise Linux and 3 more | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. | |||||
| CVE-2004-1068 | 3 Linux, Redhat, Ubuntu | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2017-10-11 | 6.2 MEDIUM | N/A |
| A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | |||||
| CVE-2005-0179 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call. | |||||
| CVE-2005-0178 | 3 Linux, Netkit, Vserver | 3 Linux Kernel, Linux Netkit, Linux-vserver | 2017-10-11 | 6.2 MEDIUM | N/A |
| Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. | |||||
| CVE-2005-0150 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | |||||
| CVE-2004-1380 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | |||||
| CVE-2004-0733 | 1 Ollydbg | 1 Ollydbg | 2017-10-11 | 7.5 HIGH | N/A |
| Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call. | |||||