Search
Total
1567 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1282 | 2 Mozilla, Redhat | 4 Seamonkey, Thunderbird, Enterprise Linux and 1 more | 2017-10-11 | 9.3 HIGH | N/A |
| Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. | |||||
| CVE-2006-5753 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. | |||||
| CVE-2007-0773 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.6 MEDIUM | N/A |
| The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. | |||||
| CVE-2006-7226 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). | |||||
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | |||||
| CVE-2005-3631 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.6 MEDIUM | N/A |
| udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. | |||||
| CVE-2005-1760 | 1 Redhat | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2017-10-11 | 7.5 HIGH | N/A |
| sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. | |||||
| CVE-2005-1194 | 1 Redhat | 3 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation | 2017-10-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. | |||||
| CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2017-10-11 | 3.7 LOW | N/A |
| Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
| CVE-2005-2100 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). | |||||
| CVE-2005-0757 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. | |||||
| CVE-2006-2933 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.6 MEDIUM | N/A |
| kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. | |||||
| CVE-2004-0421 | 4 Greg Roelofs, Openpkg, Redhat and 1 more | 8 Libpng, Libpng3, Openpkg and 5 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | |||||
| CVE-2005-0699 | 4 Altlinux, Conectiva, Ethereal Group and 1 more | 6 Alt Linux, Linux, Ethereal and 3 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values. | |||||
| CVE-2005-0403 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.2 HIGH | N/A |
| init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. | |||||
| CVE-2005-0398 | 6 Altlinux, Ipsec-tools, Kame and 3 more | 7 Alt Linux, Ipsec-tools, Racoon and 4 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets. | |||||
| CVE-2005-0337 | 3 Redhat, Suse, Wietse Venema | 4 Enterprise Linux, Enterprise Linux Desktop, Suse Linux and 1 more | 2017-10-11 | 7.5 HIGH | N/A |
| Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. | |||||
| CVE-2005-0207 | 4 Conectiva, Linux, Redhat and 1 more | 5 Linux, Linux Kernel, Enterprise Linux and 2 more | 2017-10-11 | 2.1 LOW | N/A |
| Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. | |||||
| CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2017-10-11 | 7.5 HIGH | N/A |
| The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
| CVE-2005-0092 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash). | |||||
| CVE-2005-0091 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. | |||||
| CVE-2005-0090 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash). | |||||
| CVE-2005-0086 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale. | |||||
| CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | |||||
| CVE-2005-0003 | 4 Avaya, Linux, Mandrakesoft and 1 more | 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more | 2017-10-11 | 2.1 LOW | N/A |
| The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. | |||||
| CVE-2005-0001 | 3 Linux, Redhat, Trustix | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-11 | 6.9 MEDIUM | N/A |
| Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. | |||||
| CVE-2004-1613 | 3 Mozilla, Redhat, Sgi | 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. | |||||
| CVE-2004-1237 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-11 | 2.1 LOW | N/A |
| Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors. | |||||
| CVE-2004-1235 | 7 Avaya, Conectiva, Linux and 4 more | 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more | 2017-10-11 | 6.2 MEDIUM | N/A |
| Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | |||||
| CVE-2004-1145 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. | |||||
| CVE-2004-1139 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2004-1072 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. | |||||
| CVE-2004-1071 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | |||||
| CVE-2004-1070 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | |||||
| CVE-2004-1068 | 3 Linux, Redhat, Ubuntu | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2017-10-11 | 6.2 MEDIUM | N/A |
| A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | |||||
| CVE-2004-0949 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 6.4 MEDIUM | N/A |
| The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. | |||||
| CVE-2004-0930 | 5 Conectiva, Gentoo, Redhat and 2 more | 8 Linux, Linux, Enterprise Linux and 5 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | |||||
| CVE-2004-0883 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 6.4 MEDIUM | N/A |
| Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. | |||||
| CVE-2004-0827 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 14 Linux, Imlib, Imlib2 and 11 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||||
| CVE-2004-0803 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | |||||
| CVE-2004-0685 | 3 Linux, Redhat, Trustix | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. | |||||
| CVE-2004-0607 | 3 Ipsec-tools, Kame, Redhat | 4 Ipsec-tools, Racoon, Enterprise Linux and 1 more | 2017-10-11 | 10.0 HIGH | N/A |
| The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. | |||||
| CVE-2004-0557 | 4 Conectiva, Gentoo, Redhat and 1 more | 6 Linux, Linux, Enterprise Linux and 3 more | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. | |||||
| CVE-2004-0494 | 2 Avaya, Redhat | 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||||
| CVE-2004-0977 | 4 Mandrakesoft, Postgresql, Redhat and 1 more | 6 Mandrake Linux, Mandrake Linux Corporate Server, Postgresql and 3 more | 2017-10-11 | 2.1 LOW | N/A |
| The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2004-0968 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2004-0905 | 5 Conectiva, Mozilla, Netscape and 2 more | 10 Linux, Firefox, Mozilla and 7 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||||
| CVE-2004-0904 | 4 Conectiva, Mozilla, Netscape and 1 more | 10 Linux, Firefox, Mozilla and 7 more | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | |||||
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | |||||
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | |||||