Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0107 | 3 Redhat, Sgi, Sysstat | 3 Sysstat, Propack, Sysstat | 2017-10-11 | 4.6 MEDIUM | N/A |
| The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. | |||||
| CVE-2004-0109 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | |||||
| CVE-2004-0110 | 2 Sgi, Xmlsoft | 3 Propack, Libxml, Libxml2 | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2004-0138 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped. | |||||
| CVE-2004-0176 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. | |||||
| CVE-2004-0177 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | |||||
| CVE-2004-0178 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. | |||||
| CVE-2004-0154 | 1 Nfs | 1 Nfs-utils | 2017-10-11 | 5.0 MEDIUM | N/A |
| rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. | |||||
| CVE-2003-0925 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string. | |||||
| CVE-2003-0926 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets. | |||||
| CVE-2003-0462 | 2 Linux, Mandrakesoft | 4 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-10-11 | 1.2 LOW | N/A |
| A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). | |||||
| CVE-2003-0927 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector. | |||||
| CVE-2004-0415 | 3 Linux, Redhat, Trustix | 3 Linux Kernel, Fedora Core, Secure Linux | 2017-10-11 | 2.1 LOW | N/A |
| Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. | |||||
| CVE-2004-0181 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||||
| CVE-2004-0447 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS. | |||||
| CVE-2004-0183 | 1 Lbl | 1 Tcpdump | 2017-10-11 | 5.0 MEDIUM | N/A |
| TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2003-0848 | 1 Slocate | 1 Slocate | 2017-10-11 | 4.6 MEDIUM | N/A |
| Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used. | |||||
| CVE-2003-0432 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 10.0 HIGH | N/A |
| Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. | |||||
| CVE-2003-0951 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.5 HIGH | N/A |
| Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges. | |||||
| CVE-2003-0854 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2017-10-11 | 2.1 LOW | N/A |
| ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | |||||
| CVE-2004-0409 | 1 Xchat | 1 Xchat | 2017-10-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0084 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. | |||||
| CVE-2004-0083 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. | |||||
| CVE-2004-0010 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | |||||
| CVE-2003-0431 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 10.0 HIGH | N/A |
| The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. | |||||
| CVE-2003-0461 | 1 Redhat | 1 Linux | 2017-10-11 | 2.1 LOW | N/A |
| /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. | |||||
| CVE-2001-0607 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.6 MEDIUM | N/A |
| asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083. | |||||
| CVE-2003-0430 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value. | |||||
| CVE-2004-1056 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2017-10-11 | 6.4 MEDIUM | N/A |
| Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. | |||||
| CVE-2004-0184 | 1 Lbl | 1 Tcpdump | 2017-10-11 | 5.0 MEDIUM | N/A |
| Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0055 | 1 Lbl | 1 Tcpdump | 2017-10-11 | 5.0 MEDIUM | N/A |
| The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. | |||||
| CVE-2004-1057 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-11 | 7.2 HIGH | N/A |
| Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | |||||
| CVE-2004-0054 | 1 Cisco | 1 Ios | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | |||||
| CVE-2004-1036 | 2 Gentoo, Squirrelmail | 2 Linux, Squirrelmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. | |||||
| CVE-2004-0421 | 4 Greg Roelofs, Openpkg, Redhat and 1 more | 8 Libpng, Libpng3, Openpkg and 5 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | |||||
| CVE-2004-0419 | 3 Gentoo, X.org, Xfree86 Project | 3 Linux, X11r6, Xdm | 2017-10-11 | 7.5 HIGH | N/A |
| XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. | |||||
| CVE-2004-0832 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. | |||||
| CVE-2004-1392 | 1 Php | 1 Php | 2017-10-11 | 5.0 MEDIUM | N/A |
| PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | |||||
| CVE-2004-0975 | 3 Gentoo, Mandrakesoft, Openssl | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2017-10-11 | 2.1 LOW | N/A |
| The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2005-0592 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value. | |||||
| CVE-2004-0976 | 1 Larry Wall | 1 Perl | 2017-10-11 | 2.1 LOW | N/A |
| Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2004-0977 | 4 Mandrakesoft, Postgresql, Redhat and 1 more | 6 Mandrake Linux, Mandrake Linux Corporate Server, Postgresql and 3 more | 2017-10-11 | 2.1 LOW | N/A |
| The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2005-0591 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing." | |||||
| CVE-2005-0590 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. | |||||
| CVE-2005-0589 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. | |||||
| CVE-2005-0588 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. | |||||
| CVE-2004-0233 | 3 Sgi, Slackware, Utempter | 3 Propack, Slackware Linux, Utempter | 2017-10-11 | 2.1 LOW | N/A |
| Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. | |||||
| CVE-2004-0235 | 8 Clearswift, F-secure, Rarlab and 5 more | 13 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 10 more | 2017-10-11 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). | |||||
| CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | |||||
| CVE-2005-0586 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. | |||||