Total
154 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1030 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2023-12-10 | 2.1 LOW | N/A |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. | |||||
CVE-2004-1117 | 1 Gentoo | 1 Linux | 2023-12-10 | 7.2 HIGH | N/A |
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
CVE-2004-1107 | 1 Gentoo | 1 Linux | 2023-12-10 | 2.1 LOW | N/A |
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2004-1091 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. | |||||
CVE-2004-1116 | 1 Gentoo | 1 Linux | 2023-12-10 | 7.2 HIGH | N/A |
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
CVE-2004-1036 | 2 Gentoo, Squirrelmail | 2 Linux, Squirrelmail | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. | |||||
CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | |||||
CVE-2004-1161 | 2 Gentoo, Rssh | 2 Linux, Rssh | 2023-12-10 | 7.5 HIGH | N/A |
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | |||||
CVE-2004-1110 | 2 Gentoo, Jean-jacques Sarton | 2 Linux, Mtink | 2023-12-10 | 2.1 LOW | N/A |
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | |||||
CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
CVE-2006-3005 | 1 Gentoo | 2 Linux, Media-libs Jpeg | 2023-12-10 | 5.0 MEDIUM | N/A |
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | |||||
CVE-2004-0972 | 2 Gentoo, Lvm | 2 Linux, Logical Volume Management Utilities | 2023-12-10 | 2.1 LOW | N/A |
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | |||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2023-12-10 | 3.7 LOW | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
CVE-2004-0934 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2023-12-10 | 7.5 HIGH | N/A |
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
CVE-2004-0935 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2023-12-10 | 7.5 HIGH | N/A |
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
CVE-2004-0933 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2023-12-10 | 7.5 HIGH | N/A |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
CVE-2005-0535 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | |||||
CVE-2005-0667 | 5 Altlinux, Gentoo, Redhat and 2 more | 7 Alt Linux, Linux, Enterprise Linux and 4 more | 2023-12-10 | 5.1 MEDIUM | N/A |
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. | |||||
CVE-2005-3626 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |