Total
8819 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2023-12-10 | 2.1 LOW | N/A |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | |||||
CVE-2000-0666 | 5 Conectiva, Debian, Redhat and 2 more | 5 Linux, Debian Linux, Linux and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. | |||||
CVE-2001-0279 | 2 Debian, Mandrakesoft | 3 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. | |||||
CVE-2000-1135 | 1 Debian | 1 Debian Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. | |||||
CVE-2001-0233 | 3 Debian, Matthew Smith, Redhat | 3 Debian Linux, Micq, Linux | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. | |||||
CVE-2004-0455 | 2 Debian, Www-sql Project | 2 Debian Linux, Www-sql | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql. | |||||
CVE-1999-1565 | 2 Debian, Earl Hood | 2 Debian Linux, Man2html | 2023-12-10 | 4.6 MEDIUM | N/A |
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2000-0289 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. | |||||
CVE-2001-0112 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2023-12-10 | 7.2 HIGH | N/A |
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. | |||||
CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2023-12-10 | 7.5 HIGH | N/A |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2023-12-10 | 4.9 MEDIUM | N/A |
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | |||||
CVE-1999-0769 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | |||||
CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2023-12-10 | 2.1 LOW | N/A |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2004-0837 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2023-12-10 | 2.6 LOW | N/A |
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | |||||
CVE-2003-0648 | 2 Debian, Fte | 2 Debian Linux, Fte Text Editor | 2023-12-10 | 10.0 HIGH | N/A |
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. | |||||
CVE-2001-0977 | 4 Debian, Mandrakesoft, Openldap and 1 more | 6 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. | |||||
CVE-2000-0314 | 5 Debian, Digital, Netbsd and 2 more | 5 Debian Linux, Unix, Netbsd and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. | |||||
CVE-2003-0361 | 1 Debian | 1 Debian Linux | 2023-12-10 | 7.5 HIGH | N/A |
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp. | |||||
CVE-2002-0839 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 7.2 HIGH | N/A |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. |