Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0619 | 1 Redhat | 3 Fedora Core, Kernel, Linux | 2017-10-11 | 7.2 HIGH | N/A |
| Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow. | |||||
| CVE-2005-0207 | 4 Conectiva, Linux, Redhat and 1 more | 5 Linux, Linux Kernel, Enterprise Linux and 2 more | 2017-10-11 | 2.1 LOW | N/A |
| Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. | |||||
| CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2017-10-11 | 7.5 HIGH | N/A |
| The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
| CVE-2005-0205 | 2 Bernd Wuebben, Kde | 2 Kppp, Kde | 2017-10-11 | 4.6 MEDIUM | N/A |
| KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. | |||||
| CVE-2005-0204 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction. | |||||
| CVE-2005-0202 | 1 Gnu | 1 Mailman | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | |||||
| CVE-2004-0653 | 1 Sun | 1 Solaris | 2017-10-11 | 2.1 LOW | N/A |
| Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. | |||||
| CVE-2005-0198 | 1 University Of Washington | 1 Uw-imap | 2017-10-11 | 7.5 HIGH | N/A |
| A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users. | |||||
| CVE-2005-0196 | 1 Cisco | 1 Ios | 2017-10-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. | |||||
| CVE-2005-0195 | 1 Cisco | 1 Ios | 2017-10-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. | |||||
| CVE-2005-0186 | 1 Cisco | 1 Ios | 2017-10-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. | |||||
| CVE-2005-0142 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 2.1 LOW | N/A |
| Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | |||||
| CVE-2005-0141 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. | |||||
| CVE-2005-0137 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry." | |||||
| CVE-2005-0135 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash). | |||||
| CVE-2004-0685 | 3 Linux, Redhat, Trustix | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. | |||||
| CVE-2005-0104 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | |||||
| CVE-2005-0097 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. | |||||
| CVE-2005-0096 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2004-0710 | 1 Cisco | 1 Ios | 2017-10-11 | 5.0 MEDIUM | N/A |
| IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet. | |||||
| CVE-2005-0095 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. | |||||
| CVE-2005-0094 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses. | |||||
| CVE-2005-0092 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash). | |||||
| CVE-2005-0091 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. | |||||
| CVE-2005-0090 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash). | |||||
| CVE-2004-1025 | 3 Enlightenment, Gentoo, Redhat | 3 Imlib, Linux, Linux | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | |||||
| CVE-2004-0718 | 3 Firebirdsql, Mozilla, Netscape | 3 Firebird, Mozilla, Navigator | 2017-10-11 | 7.5 HIGH | N/A |
| The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2004-0721 | 1 Kde | 1 Konqueror | 2017-10-11 | 7.5 HIGH | N/A |
| Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2004-0722 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-0086 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale. | |||||
| CVE-2005-0085 | 4 Htdig, Mandrakesoft, Redhat and 1 more | 5 Htdig, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2017-10-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. | |||||
| CVE-2005-0084 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2005-0150 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | |||||
| CVE-2004-0733 | 1 Ollydbg | 1 Ollydbg | 2017-10-11 | 7.5 HIGH | N/A |
| Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call. | |||||
| CVE-2004-1026 | 3 Enlightenment, Gentoo, Redhat | 3 Imlib, Linux, Linux | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | |||||
| CVE-2005-0149 | 1 Mozilla | 2 Mozilla, Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | |||||
| CVE-2004-0745 | 1 Tsugio Okamoto | 1 Lha | 2017-10-11 | 10.0 HIGH | N/A |
| LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name. | |||||
| CVE-2004-0746 | 4 Gentoo, Kde, Mandrakesoft and 1 more | 5 Linux, Kde, Konqueror and 2 more | 2017-10-11 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
| CVE-2004-0752 | 1 Openoffice | 1 Openoffice | 2017-10-11 | 2.1 LOW | N/A |
| OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. | |||||
| CVE-2005-0148 | 1 Mozilla | 1 Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future. | |||||
| CVE-2004-0769 | 1 Mozilla | 1 Bugzilla | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | |||||
| CVE-2004-0771 | 1 Tsugio Okamoto | 1 Lha | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | |||||
| CVE-2005-0022 | 1 University Of Cambridge | 1 Exim | 2017-10-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. | |||||
| CVE-2005-0021 | 1 University Of Cambridge | 1 Exim | 2017-10-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function. | |||||
| CVE-2004-0784 | 1 Rob Flynn | 1 Gaim | 2017-10-11 | 7.5 HIGH | N/A |
| The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. | |||||
| CVE-2004-0785 | 1 Rob Flynn | 1 Gaim | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder. | |||||
| CVE-2004-0796 | 1 Spamassassin | 1 Spamassassin | 2017-10-11 | 5.0 MEDIUM | N/A |
| SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages. | |||||
| CVE-2005-0147 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | |||||
| CVE-2005-0146 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation. | |||||