Total
72 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0930 | 5 Conectiva, Gentoo, Redhat and 2 more | 8 Linux, Linux, Enterprise Linux and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | |||||
CVE-2004-0883 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. | |||||
CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | |||||
CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
CVE-2005-3626 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | |||||
CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
CVE-2005-3625 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2024-02-04 | 10.0 HIGH | N/A |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | |||||
CVE-2004-1092 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. | |||||
CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2024-02-04 | 2.6 LOW | N/A |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
CVE-2004-1068 | 3 Linux, Redhat, Ubuntu | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-02-04 | 6.2 MEDIUM | N/A |
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | |||||
CVE-2004-1090 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." | |||||
CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
CVE-2004-1074 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 2.1 LOW | N/A |
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary. | |||||
CVE-2005-1760 | 1 Redhat | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. | |||||
CVE-2004-1091 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. | |||||
CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2024-02-04 | 4.6 MEDIUM | N/A |
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | |||||
CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2024-02-04 | 7.5 HIGH | N/A |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
CVE-2004-1073 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 2.1 LOW | N/A |
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | |||||
CVE-2004-1070 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 7.2 HIGH | N/A |
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | |||||
CVE-2004-0949 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 6.4 MEDIUM | N/A |
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. |