Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11.0.4 |
| hp | hp-ux | 11.11 |
| sun | sunos | 5.7 |
| windriver | bsdos | 4.3.1 |
| netbsd | netbsd | 1.6 |
| sun | sunos | - |
| netbsd | netbsd | 1.5 |
| hp | hp-ux | 10.10 |
| sendmail | sendmail | * |
| hp | alphaserver_sc | * |
| netbsd | netbsd | 1.5.1 |
| hp | hp-ux | 11.00 |
| netbsd | netbsd | 1.5.2 |
| gentoo | linux | 1.4 |
| oracle | solaris | 9 |
| oracle | solaris | 8 |
| netbsd | netbsd | 1.5.3 |
| hp | hp-ux | 10.20 |
| sun | sunos | 5.8 |
| hp | hp-ux | 11.22 |
| oracle | solaris | 7.0 |
| oracle | solaris | 2.6 |
| windriver | bsdos | 5.0 |
| windriver | bsdos | 4.2 |
| windriver | platform_sa | 1.0 |
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11.0.4 |
| netbsd | netbsd | 1.6 |
| sendmail | sendmail | 8.12.6 |
| apple | mac_os_x_server | 10.2.6 |
| sendmail | sendmail | 2.6.2 |
| sendmail | sendmail | 8.12 |
| sendmail | sendmail | 8.10 |
| gentoo | linux | 1.1a |
| netbsd | netbsd | 1.5.1 |
| turbolinux | turbolinux_server | 7.0 |
| turbolinux | turbolinux_advanced_server | 6.0 |
| sendmail | sendmail_switch | 3.0.2 |
| sendmail | sendmail | 8.12.7 |
| sendmail | sendmail | 2.6.1 |
| ibm | aix | 4.3.3 |
| sendmail | sendmail | 8.12.5 |
| sendmail | sendmail_switch | 2.1.1 |
| turbolinux | turbolinux_server | 6.5 |
| apple | mac_os_x | 10.2.2 |
| apple | mac_os_x | 10.2.6 |
| apple | mac_os_x_server | 10.2 |
| sendmail | sendmail | 3.0.3 |
| gentoo | linux | 0.7 |
| ibm | aix | 5.1 |
| apple | mac_os_x_server | 10.2.5 |
| sendmail | sendmail_switch | 3.0.1 |
| apple | mac_os_x_server | 10.2.4 |
| sendmail | sendmail_switch | 3.0 |
| sendmail | sendmail | 2.6 |
| sendmail | advanced_message_server | 1.3 |
| turbolinux | turbolinux_workstation | 6.0 |
| sendmail | sendmail | 8.11.4 |
| sendmail | sendmail | 8.9.3 |
| ibm | aix | 5.2 |
| netbsd | netbsd | 1.4.3 |
| apple | mac_os_x | 10.2.4 |
| sendmail | sendmail | 8.12.3 |
| apple | mac_os_x | 10.2.5 |
| netbsd | netbsd | 1.6.1 |
| sendmail | sendmail | 8.11.2 |
| apple | mac_os_x_server | 10.2.3 |
| openbsd | openbsd | 3.3 |
| sendmail | sendmail | 8.12.2 |
| turbolinux | turbolinux_server | 6.1 |
| gentoo | linux | 1.2 |
| sendmail | sendmail | 8.12.8 |
| sendmail | sendmail | 8.9.0 |
| hp | hp-ux | 11.11 |
| sendmail | advanced_message_server | 1.2 |
| apple | mac_os_x | 10.2 |
| apple | mac_os_x | 10.2.1 |
| sendmail | sendmail | 8.11.0 |
| sendmail | sendmail | 8.11.1 |
| sendmail | sendmail_switch | 2.1.3 |
| sendmail | sendmail | 8.11.6 |
| sendmail | sendmail | 3.0 |
| hp | hp-ux | 11.00 |
| sendmail | sendmail_switch | 2.2.4 |
| netbsd | netbsd | 1.5.2 |
| gentoo | linux | 1.4 |
| sendmail | sendmail_pro | 8.9.3 |
| netbsd | netbsd | 1.5.3 |
| sendmail | sendmail | 8.9.2 |
| gentoo | linux | 0.5 |
| apple | mac_os_x_server | 10.2.1 |
| sendmail | sendmail_switch | 2.1 |
| sendmail | sendmail | 8.12.9 |
| sendmail | sendmail | 8.8.8 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_server | 8.0 |
| sendmail | sendmail | 8.9.1 |
| turbolinux | turbolinux_workstation | 7.0 |
| sendmail | sendmail | 3.0.1 |
| netbsd | netbsd | 1.5 |
| apple | mac_os_x_server | 10.2.2 |
| sendmail | sendmail | 3.0.2 |
| sendmail | sendmail_switch | 2.2 |
| sendmail | sendmail | 8.12.4 |
| sendmail | sendmail_switch | 2.1.2 |
| sendmail | sendmail_switch | 2.2.2 |
| apple | mac_os_x | 10.2.3 |
| sendmail | sendmail | 8.10.2 |
| sendmail | sendmail | 8.12.1 |
| sendmail | sendmail | 8.12.0 |
| sendmail | sendmail_switch | 2.1.4 |
| openbsd | openbsd | 3.2 |
| sendmail | sendmail | 8.10.1 |
| sendmail | sendmail | 8.11.3 |
| sendmail | sendmail_pro | 8.9.2 |
| sendmail | sendmail_switch | 2.2.5 |
| sendmail | sendmail_switch | 2.2.1 |
| hp | hp-ux | 11.22 |
| sendmail | sendmail_switch | 2.1.5 |
| sendmail | sendmail_switch | 2.2.3 |
| sendmail | sendmail | 8.11.5 |
| sendmail | sendmail_switch | 3.0.3 |
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11.0.4 |
| freebsd | freebsd | 4.4 |
| netbsd | netbsd | 1.6 |
| sgi | irix | 6.5.16 |
| sgi | irix | 6.5.21m |
| freebsd | freebsd | 4.7 |
| compaq | tru64 | 5.1b_pk2_bl22 |
| sendmail | sendmail | 8.12.6 |
| apple | mac_os_x_server | 10.2.6 |
| sgi | irix | 6.5.21f |
| sendmail | sendmail | 2.6.2 |
| sendmail | sendmail | 8.12 |
| sendmail | sendmail | 8.10 |
| compaq | tru64 | 5.1a_pk1_bl1 |
| gentoo | linux | 1.1a |
| netbsd | netbsd | 1.5.1 |
| turbolinux | turbolinux_server | 7.0 |
| turbolinux | turbolinux_advanced_server | 6.0 |
| sendmail | sendmail_switch | 3.0.2 |
| compaq | tru64 | 5.1a |
| sgi | irix | 6.5.20m |
| freebsd | freebsd | 4.6 |
| sendmail | sendmail | 8.12.7 |
| sendmail | sendmail | 2.6.1 |
| sgi | irix | 6.5.19f |
| sun | sunos | 5.8 |
| compaq | tru64 | 4.0f_pk8_bl22 |
| freebsd | freebsd | 4.5 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| freebsd | freebsd | 4.3 |
| ibm | aix | 4.3.3 |
| compaq | tru64 | 4.0f_pk7_bl18 |
| compaq | tru64 | 5.1 |
| compaq | tru64 | 4.0g_pk4_bl22 |
| sendmail | sendmail | 8.12.5 |
| sendmail | sendmail_switch | 2.1.1 |
| sun | sunos | 5.7 |
| turbolinux | turbolinux_server | 6.5 |
| apple | mac_os_x | 10.2.2 |
| apple | mac_os_x | 10.2.6 |
| sun | sunos | - |
| sun | solaris | 2.6 |
| apple | mac_os_x_server | 10.2 |
| compaq | tru64 | 4.0g |
| sendmail | sendmail | 3.0.3 |
| gentoo | linux | 0.7 |
| compaq | tru64 | 4.0g_pk3_bl17 |
| ibm | aix | 5.1 |
| apple | mac_os_x_server | 10.2.5 |
| sendmail | sendmail_switch | 3.0.1 |
| sgi | irix | 6.5.15 |
| apple | mac_os_x_server | 10.2.4 |
| sendmail | sendmail_switch | 3.0 |
| sendmail | sendmail | 2.6 |
| sendmail | advanced_message_server | 1.3 |
| turbolinux | turbolinux_workstation | 6.0 |
| sun | solaris | 9.0 |
| sendmail | sendmail | 8.11.4 |
| compaq | tru64 | 5.1_pk4_bl18 |
| sun | solaris | 7.0 |
| sendmail | sendmail | 8.9.3 |
| ibm | aix | 5.2 |
| freebsd | freebsd | 4.0 |
| netbsd | netbsd | 1.4.3 |
| apple | mac_os_x | 10.2.4 |
| sendmail | sendmail | 8.12.3 |
| apple | mac_os_x | 10.2.5 |
| netbsd | netbsd | 1.6.1 |
| sendmail | sendmail | 8.11.2 |
| apple | mac_os_x_server | 10.2.3 |
| sendmail | sendmail | 8.12.2 |
| compaq | tru64 | 5.1a_pk5_bl23 |
| turbolinux | turbolinux_server | 6.1 |
| gentoo | linux | 1.2 |
| sendmail | sendmail | 8.12.8 |
| sendmail | sendmail | 8.9.0 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 5.1_pk5_bl19 |
| sendmail | advanced_message_server | 1.2 |
| sgi | irix | 6.5.17m |
| apple | mac_os_x | 10.2 |
| apple | mac_os_x | 10.2.1 |
| sendmail | sendmail | 8.11.0 |
| sendmail | sendmail | 8.11.1 |
| sendmail | sendmail_switch | 2.1.3 |
| freebsd | freebsd | 5.0 |
| compaq | tru64 | 5.1a_pk3_bl3 |
| compaq | tru64 | 5.1a_pk4_bl21 |
| sendmail | sendmail | 8.11.6 |
| sgi | irix | 6.5.18m |
| sendmail | sendmail | 3.0 |
| hp | hp-ux | 11.00 |
| sendmail | sendmail_switch | 2.2.4 |
| netbsd | netbsd | 1.5.2 |
| gentoo | linux | 1.4 |
| freebsd | freebsd | 5.1 |
| sgi | irix | 6.5.19m |
| sendmail | sendmail_pro | 8.9.3 |
| compaq | tru64 | 5.1b_pk1_bl1 |
| sgi | irix | 6.5.18f |
| freebsd | freebsd | 4.8 |
| netbsd | netbsd | 1.5.3 |
| sendmail | sendmail | 8.9.2 |
| compaq | tru64 | 5.1_pk6_bl20 |
| gentoo | linux | 0.5 |
| apple | mac_os_x_server | 10.2.1 |
| sendmail | sendmail_switch | 2.1 |
| sendmail | sendmail | 8.12.9 |
| sendmail | sendmail | 8.8.8 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_server | 8.0 |
| sgi | irix | 6.5.17f |
| compaq | tru64 | 4.0f_pk6_bl17 |
| sendmail | sendmail | 8.9.1 |
| turbolinux | turbolinux_workstation | 7.0 |
| sendmail | sendmail | 3.0.1 |
| netbsd | netbsd | 1.5 |
| apple | mac_os_x_server | 10.2.2 |
| sendmail | sendmail | 3.0.2 |
| sendmail | sendmail_switch | 2.2 |
| compaq | tru64 | 5.1b |
| sendmail | sendmail | 8.12.4 |
| sendmail | sendmail_switch | 2.1.2 |
| sendmail | sendmail_switch | 2.2.2 |
| apple | mac_os_x | 10.2.3 |
| sendmail | sendmail | 8.10.2 |
| sgi | irix | 6.5.20f |
| sendmail | sendmail | 8.12.1 |
| sendmail | sendmail | 8.12.0 |
| sendmail | sendmail_switch | 2.1.4 |
| sendmail | sendmail | 8.10.1 |
| sendmail | sendmail | 8.11.3 |
| freebsd | freebsd | 4.9 |
| sendmail | sendmail_pro | 8.9.2 |
| sun | solaris | 8.0 |
| sendmail | sendmail_switch | 2.2.5 |
| sendmail | sendmail_switch | 2.2.1 |
| hp | hp-ux | 11.22 |
| compaq | tru64 | 5.1_pk3_bl17 |
| sendmail | sendmail_switch | 2.1.5 |
| freebsd | freebsd | 3.0 |
| sendmail | sendmail_switch | 2.2.3 |
| sendmail | sendmail | 8.11.5 |
| sendmail | sendmail_switch | 3.0.3 |
| compaq | tru64 | 4.0f |
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-16,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | syslinux | 2.0.1 |
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| inter7 | courier-imap | 2.1.2 |
| double_precision_incorporated | sqwebmail | 3.6_.0 |
| gentoo | linux | 1.4 |
| inter7 | courier-imap | 1.6 |
| double_precision_incorporated | courier_mta | 0.44 |
| double_precision_incorporated | courier_mta | 0.43.1 |
| double_precision_incorporated | sqwebmail | 3.6.1 |
| double_precision_incorporated | courier_mta | 0.44.2 |
| inter7 | courier-imap | 2.1 |
| double_precision_incorporated | courier_mta | 0.43 |
| double_precision_incorporated | sqwebmail | 3.6.2 |
| inter7 | courier-imap | 2.1.1 |
| double_precision_incorporated | courier_mta | 0.43.2 |
| inter7 | courier-imap | 2.2.0 |
| double_precision_incorporated | sqwebmail | 3.5.2 |
| inter7 | courier-imap | 2.0.0 |
| double_precision_incorporated | sqwebmail | 3.5.3 |
| inter7 | courier-imap | 1.7 |
| inter7 | courier-imap | 2.2.1 |
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| midnight_commander | midnight_commander | 4.5.49 |
| midnight_commander | midnight_commander | 4.5.45 |
| midnight_commander | midnight_commander | 4.5.47 |
| gentoo | linux | 0.7 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| slackware | slackware_linux | 9.1 |
| slackware | slackware_linux | * |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| gentoo | linux | 1.1a |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| gentoo | linux | 1.4 |
| slackware | slackware_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| gentoo | linux | 0.5 |
| midnight_commander | midnight_commander | 4.5.42 |
| sgi | propack | 2.4 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| gentoo | linux | 1.2 |
| sgi | propack | 2.3 |
The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.24_ow1 |
| gentoo | linux | 1.4 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| midnight_commander | midnight_commander | 4.5.49 |
| midnight_commander | midnight_commander | 4.5.45 |
| midnight_commander | midnight_commander | 4.5.47 |
| gentoo | linux | 0.7 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| slackware | slackware_linux | 9.1 |
| slackware | slackware_linux | * |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| gentoo | linux | 1.1a |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| gentoo | linux | 1.4 |
| slackware | slackware_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| gentoo | linux | 0.5 |
| midnight_commander | midnight_commander | 4.5.42 |
| sgi | propack | 2.4 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| gentoo | linux | 1.2 |
| sgi | propack | 2.3 |
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| midnight_commander | midnight_commander | 4.5.49 |
| midnight_commander | midnight_commander | 4.5.45 |
| midnight_commander | midnight_commander | 4.5.47 |
| gentoo | linux | 0.7 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| slackware | slackware_linux | 9.1 |
| slackware | slackware_linux | * |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| gentoo | linux | 1.1a |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| gentoo | linux | 1.4 |
| slackware | slackware_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| gentoo | linux | 0.5 |
| midnight_commander | midnight_commander | 4.5.42 |
| sgi | propack | 2.4 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| gentoo | linux | 1.2 |
| sgi | propack | 2.3 |
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openpkg | openpkg | * |
| winzip | winzip | 7.0 |
| gentoo | linux | 1.4 |
| winzip | winzip | 8.1 |
| winzip | winzip | 8.0 |
| uudeview | uudeview | 0.5.18 |
| uudeview | uudeview | 0.5.19 |
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mplayer | mplayer | 0.90 |
| mandrakesoft | mandrake_linux | 10.0 |
| gentoo | linux | 1.4 |
| mplayer | mplayer | 1.0_pre1 |
| mplayer | mplayer | 0.90_pre |
| mplayer | mplayer | 1.0_pre2 |
| gentoo | linux | 0.5 |
| mplayer | mplayer | 1.0_pre3 |
| gentoo | linux | 0.7 |
| gentoo | linux | 1.2 |
| mandrakesoft | mandrake_linux | 9.2 |
| mplayer | mplayer | 0.91 |
| gentoo | linux | 1.1a |
| mplayer | mplayer | 0.90_rc |
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cvs | cvs | 1.11.1_p1 |
| sgi | propack | 3.0 |
| cvs | cvs | 1.10.8 |
| cvs | cvs | 1.12.2 |
| cvs | cvs | 1.11.1 |
| cvs | cvs | 1.12.5 |
| openbsd | openbsd | * |
| cvs | cvs | 1.11.15 |
| cvs | cvs | 1.11.6 |
| cvs | cvs | 1.12.7 |
| cvs | cvs | 1.11 |
| cvs | cvs | 1.11.2 |
| cvs | cvs | 1.11.16 |
| gentoo | linux | 1.4 |
| cvs | cvs | 1.11.4 |
| cvs | cvs | 1.10.7 |
| openpkg | openpkg | * |
| cvs | cvs | 1.11.14 |
| openbsd | openbsd | 3.5 |
| sgi | propack | 2.4 |
| cvs | cvs | 1.11.11 |
| openpkg | openpkg | 1.3 |
| cvs | cvs | 1.12.8 |
| cvs | cvs | 1.11.10 |
| openpkg | openpkg | 2.0 |
| cvs | cvs | 1.11.3 |
| cvs | cvs | 1.11.5 |
| openbsd | openbsd | 3.4 |
| cvs | cvs | 1.12.1 |
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cvs | cvs | 1.11.1_p1 |
| sgi | propack | 3.0 |
| cvs | cvs | 1.10.8 |
| cvs | cvs | 1.12.2 |
| cvs | cvs | 1.11.1 |
| cvs | cvs | 1.12.5 |
| openbsd | openbsd | * |
| cvs | cvs | 1.11.15 |
| cvs | cvs | 1.11.6 |
| cvs | cvs | 1.12.7 |
| cvs | cvs | 1.11 |
| cvs | cvs | 1.11.2 |
| cvs | cvs | 1.11.16 |
| gentoo | linux | 1.4 |
| cvs | cvs | 1.11.4 |
| cvs | cvs | 1.10.7 |
| openpkg | openpkg | * |
| cvs | cvs | 1.11.14 |
| openbsd | openbsd | 3.5 |
| sgi | propack | 2.4 |
| cvs | cvs | 1.11.11 |
| openpkg | openpkg | 1.3 |
| cvs | cvs | 1.12.8 |
| cvs | cvs | 1.11.10 |
| openpkg | openpkg | 2.0 |
| cvs | cvs | 1.11.3 |
| cvs | cvs | 1.11.5 |
| openbsd | openbsd | 3.4 |
| cvs | cvs | 1.12.1 |
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cvs | cvs | 1.11.1_p1 |
| sgi | propack | 3.0 |
| cvs | cvs | 1.10.8 |
| cvs | cvs | 1.12.2 |
| cvs | cvs | 1.11.1 |
| cvs | cvs | 1.12.5 |
| openbsd | openbsd | * |
| cvs | cvs | 1.11.15 |
| cvs | cvs | 1.11.6 |
| cvs | cvs | 1.12.7 |
| cvs | cvs | 1.11 |
| cvs | cvs | 1.11.2 |
| cvs | cvs | 1.11.16 |
| gentoo | linux | 1.4 |
| cvs | cvs | 1.11.4 |
| cvs | cvs | 1.10.7 |
| openpkg | openpkg | * |
| cvs | cvs | 1.11.14 |
| openbsd | openbsd | 3.5 |
| sgi | propack | 2.4 |
| cvs | cvs | 1.11.11 |
| openpkg | openpkg | 1.3 |
| cvs | cvs | 1.12.8 |
| cvs | cvs | 1.11.10 |
| openpkg | openpkg | 2.0 |
| cvs | cvs | 1.11.3 |
| cvs | cvs | 1.11.5 |
| openbsd | openbsd | 3.4 |
| cvs | cvs | 1.12.1 |
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cvs | cvs | 1.11.1_p1 |
| sgi | propack | 3.0 |
| cvs | cvs | 1.10.8 |
| cvs | cvs | 1.12.2 |
| cvs | cvs | 1.11.1 |
| cvs | cvs | 1.12.5 |
| openbsd | openbsd | * |
| cvs | cvs | 1.11.15 |
| cvs | cvs | 1.11.6 |
| cvs | cvs | 1.12.7 |
| cvs | cvs | 1.11 |
| cvs | cvs | 1.11.2 |
| cvs | cvs | 1.11.16 |
| gentoo | linux | 1.4 |
| cvs | cvs | 1.11.4 |
| cvs | cvs | 1.10.7 |
| openpkg | openpkg | * |
| cvs | cvs | 1.11.14 |
| openbsd | openbsd | 3.5 |
| sgi | propack | 2.4 |
| cvs | cvs | 1.11.11 |
| openpkg | openpkg | 1.3 |
| cvs | cvs | 1.12.8 |
| cvs | cvs | 1.11.10 |
| openpkg | openpkg | 2.0 |
| cvs | cvs | 1.11.3 |
| cvs | cvs | 1.11.5 |
| openbsd | openbsd | 3.4 |
| cvs | cvs | 1.12.1 |
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | 1.4 |
| xfree86_project | xdm | cvs |
| x.org | x11r6 | 6.7.0 |
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | 0.5 |
| gentoo | linux | 0.7 |
| gentoo | linux | 1.4 |
| gentoo | linux | 1.2 |
| trustix | secure_linux | 2.1 |
| proftpd_project | proftpd | 1.2.9 |
| trustix | secure_linux | 2.0 |
| gentoo | linux | 1.1a |
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| pavuk | pavuk | 0.928r1 |
| gentoo | linux | 1.4 |
| gentoo | linux | 1.2 |
| pavuk | pavuk | 0.9pl28i |
| gentoo | linux | 1.1a |
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | converged_communications_server | 2.0 |
| avaya | s8500 | r2.0.0 |
| apache | http_server | 2.0.48 |
| gentoo | linux | 1.4 |
| trustix | secure_linux | 1.5 |
| apache | http_server | 2.0.47 |
| trustix | secure_linux | 2.0 |
| ibm | http_server | 2.0.47 |
| ibm | http_server | 2.0.42.1 |
| avaya | s8300 | r2.0.0 |
| ibm | http_server | 2.0.47.1 |
| avaya | s8700 | r2.0.0 |
| apache | http_server | 2.0.49 |
| trustix | secure_linux | 2.1 |
| ibm | http_server | 2.0.42 |
| ibm | http_server | 2.0.42.2 |
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | intuity_audix | * |
| suse | suse_linux | 8 |
| linux | linux_kernel | 2.4.19 |
| suse | suse_linux | 8.2 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.4.25 |
| conectiva | linux | 9.0 |
| suse | suse_linux_database_server | * |
| redhat | enterprise_linux | 2.1 |
| suse | suse_office_server | * |
| suse | suse_linux_office_server | * |
| avaya | s8700 | r2.0.1 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.6.6 |
| suse | suse_email_server | 3.1 |
| suse | suse_linux | 8.1 |
| avaya | s8500 | r2.0.1 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.4.24 |
| conectiva | linux | 8.0 |
| suse | suse_email_server | iii |
| linux | linux_kernel | 2.6.2 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux_firewall_cd | * |
| suse | suse_linux | 9.1 |
| avaya | converged_communications_server | 2.0 |
| avaya | modular_messaging_message_storage_server | s3400 |
| suse | suse_linux_connectivity_server | * |
| suse | suse_linux_admin-cd_for_firewall | * |
| avaya | s8500 | r2.0.0 |
| gentoo | linux | 1.4 |
| linux | linux_kernel | 2.6.4 |
| suse | suse_linux | 9.0 |
| linux | linux_kernel | 2.6.1 |
| suse | suse_linux | 7 |
| linux | linux_kernel | 2.6.0 |
| avaya | s8300 | r2.0.0 |
| suse | suse_linux | 8.0 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.6.3 |
| avaya | s8700 | r2.0.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6.7 |
| avaya | s8300 | r2.0.1 |
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| suse | suse_linux_connectivity_server | * |
| suse | suse_linux | 8 |
| mandrakesoft | mandrake_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| sun | sunos | 5.9 |
| suse | suse_linux | 7 |
| suse | suse_linux_database_server | * |
| sun | sunos | 5.8 |
| linux | linux_kernel | 2.6.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| suse | suse_linux_office_server | * |
| suse | suse_email_server | 3.1 |
| suse | suse_email_server | 3 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| suse | suse_linux_firewall | * |
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| mandrakesoft | mandrake_linux | 9.1 |
| suse | suse_linux | 8.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 9.0 |
| trustix | secure_linux | 2.0 |
| trustix | secure_linux | 2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| suse | suse_linux | 8.0 |
| redhat | enterprise_linux | 2.1 |
| linux | linux_kernel | 2.0 |
| conectiva | linux | 10 |
| suse | suse_linux | 8.1 |
| trustix | secure_linux | 2.1 |
| redhat | enterprise_linux | 3.0 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| suse | suse_linux | 9.1 |
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rob_flynn | gaim | 0.67 |
| rob_flynn | gaim | 0.69 |
| rob_flynn | gaim | 0.64 |
| rob_flynn | gaim | 0.59 |
| rob_flynn | gaim | 0.10.3 |
| rob_flynn | gaim | 0.53 |
| rob_flynn | gaim | 0.58 |
| rob_flynn | gaim | 0.63 |
| rob_flynn | gaim | 0.54 |
| rob_flynn | gaim | 0.70 |
| rob_flynn | gaim | 0.51 |
| rob_flynn | gaim | 0.52 |
| rob_flynn | gaim | 0.62 |
| rob_flynn | gaim | 0.57 |
| mandrakesoft | mandrake_linux | 10.0 |
| gentoo | linux | 1.4 |
| rob_flynn | gaim | 0.50 |
| rob_flynn | gaim | 0.61 |
| rob_flynn | gaim | 0.71 |
| rob_flynn | gaim | 0.59.1 |
| rob_flynn | gaim | 0.68 |
| rob_flynn | gaim | 0.72 |
| rob_flynn | gaim | 0.66 |
| rob_flynn | gaim | 0.60 |
| rob_flynn | gaim | 0.56 |
| rob_flynn | gaim | 0.10 |
| rob_flynn | gaim | 0.74 |
| rob_flynn | gaim | 0.75 |
| rob_flynn | gaim | 0.65 |
| rob_flynn | gaim | 0.73 |
| rob_flynn | gaim | 0.55 |
| mandrakesoft | mandrake_linux | 9.2 |
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| engardelinux | secure_linux | 1.5 |
| suse | suse_linux | 8 |
| linux | linux_kernel | 2.4.19 |
| mandrakesoft | mandrake_linux | 9.1 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.4.6 |
| suse | suse_linux_database_server | * |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.27 |
| suse | suse_office_server | * |
| linux | linux_kernel | 2.4.17 |
| suse | suse_linux_office_server | * |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.4.24 |
| conectiva | linux | 8.0 |
| linux | linux_kernel | 2.4.24_ow1 |
| suse | suse_linux_connectivity_server | * |
| mandrakesoft | mandrake_linux | 10.0 |
| gentoo | linux | 1.4 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 7 |
| suse | suse_linux | 8.0 |
| linux | linux_kernel | 2.4.15 |
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| suse | suse_linux | 8.2 |
| linux | linux_kernel | 2.4.22 |
| suse | suse_linux_firewall_live-cd | * |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.4.25 |
| conectiva | linux | 9.0 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.4.9 |
| suse | suse_email_server | 3.1 |
| suse | suse_linux | 8.1 |
| suse | suse_email_server | iii |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.16 |
| suse | suse_linux_firewall_cd | * |
| suse | suse_linux | 9.1 |
| suse | suse_linux_admin-cd_for_firewall | * |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.4.23_ow2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| linux | linux_kernel | 2.4.26 |
| engardelinux | secure_community | 2.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.4.20 |
| mandrakesoft | mandrake_linux | 9.2 |
| linux | linux_kernel | 2.4.0 |
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | aspell | 0.50.5 |
| gentoo | linux | 1.4 |
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | intuity_audix | * |
| suse | suse_linux | 8 |
| linux | linux_kernel | 2.4.19 |
| suse | suse_linux | 8.2 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.4.25 |
| conectiva | linux | 9.0 |
| suse | suse_linux_database_server | * |
| redhat | enterprise_linux | 2.1 |
| suse | suse_office_server | * |
| suse | suse_linux_office_server | * |
| avaya | s8700 | r2.0.1 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.6.6 |
| suse | suse_email_server | 3.1 |
| suse | suse_linux | 8.1 |
| avaya | s8500 | r2.0.1 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.4.24 |
| conectiva | linux | 8.0 |
| suse | suse_email_server | iii |
| linux | linux_kernel | 2.6.2 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux_firewall_cd | * |
| suse | suse_linux | 9.1 |
| avaya | converged_communications_server | 2.0 |
| avaya | modular_messaging_message_storage_server | s3400 |
| suse | suse_linux_connectivity_server | * |
| suse | suse_linux_admin-cd_for_firewall | * |
| avaya | s8500 | r2.0.0 |
| gentoo | linux | 1.4 |
| linux | linux_kernel | 2.6.4 |
| suse | suse_linux | 9.0 |
| linux | linux_kernel | 2.6.1 |
| suse | suse_linux | 7 |
| linux | linux_kernel | 2.6.0 |
| avaya | s8300 | r2.0.0 |
| suse | suse_linux | 8.0 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.6.3 |
| avaya | s8700 | r2.0.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6.7 |
| avaya | s8300 | r2.0.1 |
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | 1.4 |
| redhat | enterprise_linux_desktop | 3.0 |
| sox | sox | 12.17.2 |
| conectiva | linux | 10.0 |
| sox | sox | 12.17.3 |
| conectiva | linux | 8.0 |
| sox | sox | 12.17.4 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux | 3.0 |
| redhat | fedora_core | core_2.0 |
| conectiva | linux | 9.0 |
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| mandrakesoft | mandrake_linux | 9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| trustix | secure_linux | 2.1 |
| trustix | secure_linux | 2.0 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| linux | linux_kernel | 2.4.0 |
| trustix | secure_linux | 2 |
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gift-fasttrack | gift-fasttrack | 0.8.5 |
| gift-fasttrack | gift-fasttrack | 0.8.0 |
| gift-fasttrack | gift-fasttrack | 0.8.4 |
| gift-fasttrack | gift-fasttrack | 0.8.6 |
| gift-fasttrack | gift-fasttrack | 0.8.1 |
| gentoo | linux | 1.4 |
| gift-fasttrack | gift-fasttrack | 0.8.3 |
| gift-fasttrack | gift-fasttrack | 0.8.2 |
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| epic_games | unreal_tournament_2003 | 2199_linux |
| epic_games | unreal_tournament_2003 | 2225_macos |
| rage_software | mobile_forces | 20000.0 |
| gentoo | linux | 1.4 |
| epic_games | unreal_engine | 226f |
| infogrames | x-com_enforcer | * |
| epic_games | unreal_tournament_2003 | 2225_win32 |
| ion_storm | deusex | 1.112_fm |
| epic_games | unreal_tournament_2004 | win32 |
| arush | devastation | 390.0 |
| epic_games | unreal_tournament_2004 | macos |
| epic_games | unreal_engine | 433 |
| epic_games | unreal_engine | 436 |
| epic_games | unreal_tournament | 451b |
| nerf_arena_blast | nerf_arena_blast | 1.2 |
| epic_games | unreal_tournament_2003 | 2199_macos |
| infogrames | tacticalops | 3.4 |
| epic_games | unreal_tournament_2003 | 2199_win32 |
| robert_jordan | wheel_of_time | 333.0b |
| dreamforge | tnn_outdoors_pro_hunter | * |
| running_with_scissors | postal_2 | 1337 |
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.0 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 8.2 |
| conectiva | linux | 10 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.0 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| redhat | enterprise_linux | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| ethereal_group | ethereal | 0.10.3 |
| redhat | enterprise_linux | 3.0 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| ethereal_group | ethereal | 0.10.4 |
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| redhat | enterprise_linux | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| ethereal_group | ethereal | 0.9.15 |
| redhat | enterprise_linux | 3.0 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| ethereal_group | ethereal | 0.10.4 |
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ethereal_group | ethereal | 0.9.8 |
| redhat | linux_advanced_workstation | 2.1 |
| ethereal_group | ethereal | 0.9 |
| ethereal_group | ethereal | 0.9.1 |
| ethereal_group | ethereal | 0.9.6 |
| ethereal_group | ethereal | 0.8.17 |
| redhat | enterprise_linux | 2.1 |
| ethereal_group | ethereal | 0.10 |
| ethereal_group | ethereal | 0.9.11 |
| ethereal_group | ethereal | 0.8.19 |
| redhat | enterprise_linux | 3.0 |
| ethereal_group | ethereal | 0.9.2 |
| ethereal_group | ethereal | 0.10.2 |
| gentoo | linux | * |
| ethereal_group | ethereal | 0.9.13 |
| ethereal_group | ethereal | 0.8.18 |
| ethereal_group | ethereal | 0.8.15 |
| mandrakesoft | mandrake_linux | 10.0 |
| ethereal_group | ethereal | 0.10.3 |
| ethereal_group | ethereal | 0.10.1 |
| ethereal_group | ethereal | 0.9.15 |
| ethereal_group | ethereal | 0.9.9 |
| ethereal_group | ethereal | 0.9.7 |
| ethereal_group | ethereal | 0.9.5 |
| ethereal_group | ethereal | 0.9.16 |
| ethereal_group | ethereal | 0.9.12 |
| ethereal_group | ethereal | 0.9.14 |
| ethereal_group | ethereal | 0.9.3 |
| ethereal_group | ethereal | 0.9.4 |
| mandrakesoft | mandrake_linux | 9.2 |
| ethereal_group | ethereal | 0.9.10 |
| ethereal_group | ethereal | 0.10.4 |
| ethereal_group | ethereal | 0.8.16 |
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| l2tpd | l2tpd | 0.64 |
| l2tpd | l2tpd | 0.67 |
| gentoo | linux | 1.4 |
| l2tpd | l2tpd | 0.65 |
| l2tpd | l2tpd | 0.69 |
| l2tpd | l2tpd | 0.66 |
| l2tpd | l2tpd | 0.63 |
| l2tpd | l2tpd | 0.62 |
| l2tpd | l2tpd | 0.68 |
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rsbac | rule_set_based_access_control | 1.2.2 |
| rsbac | rule_set_based_access_control | 1.2.3 |
| gentoo | linux | 1.4 |
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mod_ssl | mod_ssl | 2.6.5 |
| mod_ssl | mod_ssl | 2.4.0 |
| mod_ssl | mod_ssl | 2.8.1 |
| mod_ssl | mod_ssl | 2.8.12 |
| mod_ssl | mod_ssl | 2.6.3 |
| mod_ssl | mod_ssl | 2.8.18 |
| mod_ssl | mod_ssl | 2.5.1 |
| mod_ssl | mod_ssl | 2.4.3 |
| mod_ssl | mod_ssl | 2.4.5 |
| mod_ssl | mod_ssl | 2.8.4 |
| mod_ssl | mod_ssl | 2.8.5 |
| mod_ssl | mod_ssl | 2.6.0 |
| mod_ssl | mod_ssl | 2.8.9 |
| mod_ssl | mod_ssl | 2.3.11 |
| mod_ssl | mod_ssl | 2.6.2 |
| mod_ssl | mod_ssl | 2.5.0 |
| mod_ssl | mod_ssl | 2.6.6 |
| mod_ssl | mod_ssl | 2.6.1 |
| mod_ssl | mod_ssl | 2.8.0 |
| mod_ssl | mod_ssl | 2.8.5.1 |
| mod_ssl | mod_ssl | 2.8.8 |
| mod_ssl | mod_ssl | 2.8.6 |
| mod_ssl | mod_ssl | 2.8.7 |
| mod_ssl | mod_ssl | 2.4.8 |
| mod_ssl | mod_ssl | 2.8.10 |
| mod_ssl | mod_ssl | 2.4.9 |
| mod_ssl | mod_ssl | 2.8.15 |
| mod_ssl | mod_ssl | 2.8.1.2 |
| mod_ssl | mod_ssl | 2.4.10 |
| gentoo | linux | 1.4 |
| mod_ssl | mod_ssl | 2.4.6 |
| mod_ssl | mod_ssl | 2.4.7 |
| mod_ssl | mod_ssl | 2.8.14 |
| mod_ssl | mod_ssl | 2.4.1 |
| mod_ssl | mod_ssl | 2.7.0 |
| mod_ssl | mod_ssl | 2.4.4 |
| mod_ssl | mod_ssl | 2.8.5.2 |
| mod_ssl | mod_ssl | 2.8.2 |
| mod_ssl | mod_ssl | 2.8.3 |
| mod_ssl | mod_ssl | 2.6.4 |
| mod_ssl | mod_ssl | 2.4.2 |
| mod_ssl | mod_ssl | 2.8.17 |
| mod_ssl | mod_ssl | 2.8.16 |
| mod_ssl | mod_ssl | 2.7.1 |
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.0.2 |
| suse | suse_linux | 8 |
| kde | konqueror | 3.1.2 |
| suse | suse_linux | 8.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| gentoo | linux | 1.4 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.1 |
| suse | suse_linux | 9.0 |
| kde | kde | 3.1.3 |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.1.1 |
| suse | suse_linux | 8.1 |
| kde | kde | 3.2 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.0.5b |
| mandrakesoft | mandrake_linux | 9.2 |
| suse | suse_linux | 9.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.2.1 |
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| subversion | subversion | 1.0.7 |
| subversion | subversion | 1.0.4 |
| subversion | subversion | 1.0.2 |
| gentoo | linux | 1.4 |
| subversion | subversion | 1.1.0_rc2 |
| subversion | subversion | 1.0 |
| subversion | subversion | 1.0.1 |
| subversion | subversion | 1.0.3 |
| subversion | subversion | 1.1.0_rc1 |
| gentoo | linux | 0.5 |
| subversion | subversion | 1.0.6 |
| gentoo | linux | 0.7 |
| gentoo | linux | 1.2 |
| subversion | subversion | 1.1.0_rc3 |
| subversion | subversion | 1.0.5 |
| gentoo | linux | 1.1a |
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | secure_web_server_for_tru64 | 4.0_g |
| hp | secure_web_server_for_tru64 | 5.1_a |
| hp | hp-ux | 11.11 |
| turbolinux | turbolinux_home | * |
| debian | debian_linux | 3.0 |
| hp | secure_web_server_for_tru64 | 5.9.2 |
| hp | secure_web_server_for_tru64 | 5.0_a |
| turbolinux | turbolinux_desktop | 10.0 |
| trustix | secure_linux | 2.1 |
| redhat | enterprise_linux | 3.0 |
| hp | secure_web_server_for_tru64 | 4.0_f |
| hp | secure_web_server_for_tru64 | 5.1 |
| hp | hp-ux | 11.00 |
| mandrakesoft | mandrake_linux | 10.0 |
| gentoo | linux | 1.4 |
| redhat | enterprise_linux_desktop | 3.0 |
| hp | secure_web_server_for_tru64 | 5.8.1 |
| trustix | secure_linux | 2.0 |
| apache | http_server | * |
| hp | secure_web_server_for_tru64 | 5.9.1 |
| hp | hp-ux | 11.22 |
| turbolinux | turbolinux_server | 10.0 |
| hp | secure_web_server_for_tru64 | 6.3.0 |
| hp | hp-ux | 11.23 |
| hp | secure_web_server_for_tru64 | 5.8.2 |
| mandrakesoft | mandrake_linux | 9.2 |
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| mandrakesoft | mandrake_linux | 9.1 |
| speedtouch | speedtouch_usb_driver | 1.0 |
| speedtouch | speedtouch_usb_driver | 1.2_beta1 |
| mandrakesoft | mandrake_linux | 10.0 |
| gentoo | linux | 1.4 |
| speedtouch | speedtouch_usb_driver | 1.1 |
| mandrakesoft | mandrake_linux | 9.0 |
| speedtouch | speedtouch_usb_driver | 1.2 |
| speedtouch | speedtouch_usb_driver | 1.2_beta3 |
| speedtouch | speedtouch_usb_driver | 1.3 |
| mandrakesoft | mandrake_linux | 8.2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 9.2 |
| speedtouch | speedtouch_usb_driver | 1.2_beta2 |
| mandrakesoft | mandrake_linux | 10.1 |
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | current |
| getmail | getmail | 4.1.5 |
| getmail | getmail | 4.0.4 |
| getmail | getmail | 4.1.3 |
| getmail | getmail | 4.1.4 |
| getmail | getmail | 4.0.1 |
| getmail | getmail | 4.0.5 |
| getmail | getmail | 4.1 |
| slackware | slackware_linux | 10.0 |
| getmail | getmail | 4.0.2 |
| getmail | getmail | 4.1.2 |
| getmail | getmail | 4.0.12 |
| getmail | getmail | 4.0.0_b10 |
| slackware | slackware_linux | 9.1 |
| getmail | getmail | 4.0.8 |
| getmail | getmail | 4.0.7 |
| getmail | getmail | 2.3.7 |
| getmail | getmail | 3.x |
| gentoo | linux | 1.4 |
| getmail | getmail | 4.0.10 |
| getmail | getmail | 4.0.11 |
| getmail | getmail | 4.0 |
| getmail | getmail | 4.0.3 |
| getmail | getmail | 4.0.6 |
| getmail | getmail | 4.1.1 |
| getmail | getmail | 4.0.13 |
| getmail | getmail | 4.0.9 |
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | current |
| getmail | getmail | 4.1.5 |
| getmail | getmail | 4.0.4 |
| getmail | getmail | 4.1.3 |
| getmail | getmail | 4.1.4 |
| getmail | getmail | 4.0.1 |
| getmail | getmail | 4.0.5 |
| getmail | getmail | 4.1 |
| slackware | slackware_linux | 10.0 |
| getmail | getmail | 4.0.2 |
| getmail | getmail | 4.1.2 |
| getmail | getmail | 4.0.12 |
| getmail | getmail | 4.0.0_b10 |
| slackware | slackware_linux | 9.1 |
| getmail | getmail | 4.0.8 |
| getmail | getmail | 4.0.7 |
| getmail | getmail | 2.3.7 |
| getmail | getmail | 3.x |
| gentoo | linux | 1.4 |
| getmail | getmail | 4.0.10 |
| getmail | getmail | 4.0.11 |
| getmail | getmail | 4.0 |
| getmail | getmail | 4.0.3 |
| getmail | getmail | 4.0.6 |
| getmail | getmail | 4.1.1 |
| getmail | getmail | 4.0.13 |
| getmail | getmail | 4.0.9 |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy_software_products | cups | 1.1.17 |
| easy_software_products | cups | 1.1.12 |
| redhat | linux_advanced_workstation | 2.1 |
| easy_software_products | cups | 1.1.10 |
| kde | kde | 3.3.1 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.2.3 |
| kde | kpdf | 3.2 |
| easy_software_products | cups | 1.1.4_5 |
| easy_software_products | cups | 1.1.6 |
| easy_software_products | cups | 1.1.20 |
| gnome | gpdf | 0.112 |
| xpdf | xpdf | 0.93 |
| easy_software_products | cups | 1.1.1 |
| pdftohtml | pdftohtml | 0.33a |
| xpdf | xpdf | 0.92 |
| kde | koffice | 1.3.1 |
| gnome | gpdf | 0.131 |
| tetex | tetex | 2.0.1 |
| kde | kde | 3.2 |
| redhat | enterprise_linux | 3.0 |
| gentoo | linux | * |
| pdftohtml | pdftohtml | 0.32a |
| xpdf | xpdf | 2.1 |
| pdftohtml | pdftohtml | 0.33 |
| tetex | tetex | 2.0 |
| xpdf | xpdf | 2.3 |
| redhat | enterprise_linux_desktop | 3.0 |
| pdftohtml | pdftohtml | 0.34 |
| suse | suse_linux | 9.0 |
| easy_software_products | cups | 1.1.15 |
| easy_software_products | cups | 1.0.4 |
| easy_software_products | cups | 1.0.4_8 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.19 |
| easy_software_products | cups | 1.1.18 |
| kde | kde | 3.2.2 |
| pdftohtml | pdftohtml | 0.35 |
| kde | kde | 3.2.1 |
| suse | suse_linux | 9.2 |
| easy_software_products | cups | 1.1.4_2 |
| tetex | tetex | 2.0.2 |
| suse | suse_linux | 8.2 |
| xpdf | xpdf | 2.0 |
| kde | koffice | 1.3.2 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| kde | koffice | 1.3_beta2 |
| easy_software_products | cups | 1.1.7 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.14 |
| suse | suse_linux | 8.1 |
| tetex | tetex | 1.0.7 |
| redhat | fedora_core | core_2.0 |
| pdftohtml | pdftohtml | 0.32b |
| suse | suse_linux | 9.1 |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.1.4_3 |
| kde | kde | 3.3 |
| kde | koffice | 1.3_beta1 |
| kde | koffice | 1.3 |
| kde | koffice | 1.3_beta3 |
| xpdf | xpdf | 0.90 |
| xpdf | xpdf | 1.0 |
| pdftohtml | pdftohtml | 0.36 |
| easy_software_products | cups | 1.1.16 |
| xpdf | xpdf | 1.0a |
| kde | koffice | 1.3.3 |
| easy_software_products | cups | 1.1.13 |
| easy_software_products | cups | 1.1.19_rc5 |
| easy_software_products | cups | 1.1.4 |
| xpdf | xpdf | 1.1 |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy_software_products | cups | 1.1.17 |
| easy_software_products | cups | 1.1.12 |
| redhat | linux_advanced_workstation | 2.1 |
| easy_software_products | cups | 1.1.10 |
| kde | kde | 3.3.1 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.2.3 |
| kde | kpdf | 3.2 |
| easy_software_products | cups | 1.1.4_5 |
| easy_software_products | cups | 1.1.6 |
| easy_software_products | cups | 1.1.20 |
| gnome | gpdf | 0.112 |
| xpdf | xpdf | 0.93 |
| easy_software_products | cups | 1.1.1 |
| pdftohtml | pdftohtml | 0.33a |
| xpdf | xpdf | 0.92 |
| kde | koffice | 1.3.1 |
| gnome | gpdf | 0.131 |
| tetex | tetex | 2.0.1 |
| kde | kde | 3.2 |
| redhat | enterprise_linux | 3.0 |
| gentoo | linux | * |
| pdftohtml | pdftohtml | 0.32a |
| xpdf | xpdf | 2.1 |
| pdftohtml | pdftohtml | 0.33 |
| tetex | tetex | 2.0 |
| xpdf | xpdf | 2.3 |
| redhat | enterprise_linux_desktop | 3.0 |
| pdftohtml | pdftohtml | 0.34 |
| suse | suse_linux | 9.0 |
| easy_software_products | cups | 1.1.15 |
| easy_software_products | cups | 1.0.4 |
| easy_software_products | cups | 1.0.4_8 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.19 |
| easy_software_products | cups | 1.1.18 |
| kde | kde | 3.2.2 |
| pdftohtml | pdftohtml | 0.35 |
| kde | kde | 3.2.1 |
| suse | suse_linux | 9.2 |
| easy_software_products | cups | 1.1.4_2 |
| tetex | tetex | 2.0.2 |
| suse | suse_linux | 8.2 |
| xpdf | xpdf | 2.0 |
| kde | koffice | 1.3.2 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| kde | koffice | 1.3_beta2 |
| easy_software_products | cups | 1.1.7 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.14 |
| suse | suse_linux | 8.1 |
| tetex | tetex | 1.0.7 |
| redhat | fedora_core | core_2.0 |
| pdftohtml | pdftohtml | 0.32b |
| suse | suse_linux | 9.1 |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.1.4_3 |
| kde | kde | 3.3 |
| kde | koffice | 1.3_beta1 |
| kde | koffice | 1.3 |
| kde | koffice | 1.3_beta3 |
| xpdf | xpdf | 0.90 |
| xpdf | xpdf | 1.0 |
| pdftohtml | pdftohtml | 0.36 |
| easy_software_products | cups | 1.1.16 |
| xpdf | xpdf | 1.0a |
| kde | koffice | 1.3.3 |
| easy_software_products | cups | 1.1.13 |
| easy_software_products | cups | 1.1.19_rc5 |
| easy_software_products | cups | 1.1.4 |
| xpdf | xpdf | 1.1 |
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | current |
| rob_flynn | gaim | 0.82.1 |
| rob_flynn | gaim | 0.67 |
| rob_flynn | gaim | 0.69 |
| rob_flynn | gaim | 1.0 |
| rob_flynn | gaim | 0.64 |
| rob_flynn | gaim | 0.59 |
| slackware | slackware_linux | 10.0 |
| rob_flynn | gaim | 0.78 |
| rob_flynn | gaim | 0.10.3 |
| rob_flynn | gaim | 0.53 |
| rob_flynn | gaim | 0.58 |
| ubuntu | ubuntu_linux | 4.1 |
| rob_flynn | gaim | 0.63 |
| rob_flynn | gaim | 0.54 |
| rob_flynn | gaim | 0.70 |
| slackware | slackware_linux | 9.1 |
| gentoo | linux | * |
| rob_flynn | gaim | 0.51 |
| rob_flynn | gaim | 0.52 |
| rob_flynn | gaim | 0.62 |
| rob_flynn | gaim | 0.57 |
| gentoo | linux | 1.4 |
| rob_flynn | gaim | 0.50 |
| rob_flynn | gaim | 1.0.1 |
| rob_flynn | gaim | 0.61 |
| rob_flynn | gaim | 0.71 |
| rob_flynn | gaim | 0.59.1 |
| rob_flynn | gaim | 0.68 |
| rob_flynn | gaim | 0.72 |
| slackware | slackware_linux | 9.0 |
| rob_flynn | gaim | 0.66 |
| rob_flynn | gaim | 0.60 |
| rob_flynn | gaim | 0.56 |
| rob_flynn | gaim | 0.10 |
| rob_flynn | gaim | 0.74 |
| rob_flynn | gaim | 0.75 |
| rob_flynn | gaim | 0.65 |
| rob_flynn | gaim | 0.73 |
| rob_flynn | gaim | 0.82 |
| rob_flynn | gaim | 0.55 |
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xfree86_project | x11r6 | 4.0 |
| lesstif | lesstif | 0.93.40 |
| suse | suse_linux | 8 |
| suse | suse_linux | 8.2 |
| lesstif | lesstif | 0.93.36 |
| xfree86_project | x11r6 | 3.3.5 |
| xfree86_project | x11r6 | 3.3 |
| xfree86_project | x11r6 | 3.3.6 |
| xfree86_project | x11r6 | 4.3.0 |
| xfree86_project | x11r6 | 4.1.11 |
| xfree86_project | x11r6 | 4.2.0 |
| lesstif | lesstif | 0.93.18 |
| suse | suse_linux | 8.1 |
| xfree86_project | x11r6 | 4.0.2.11 |
| xfree86_project | x11r6 | 3.3.3 |
| redhat | fedora_core | core_2.0 |
| xfree86_project | x11r6 | 3.3.4 |
| xfree86_project | x11r6 | 4.1.12 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| xfree86_project | x11r6 | 3.3.2 |
| xfree86_project | x11r6 | 4.2.1 |
| xfree86_project | x11r6 | 4.1.0 |
| lesstif | lesstif | 0.93.12 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 1.0 |
| lesstif | lesstif | 0.93.34 |
| lesstif | lesstif | 0.93.96 |
| xfree86_project | x11r6 | 4.0.1 |
| redhat | fedora_core | core_3.0 |
| x.org | x11r6 | 6.8 |
| lesstif | lesstif | 0.93 |
| x.org | x11r6 | 6.7.0 |
| lesstif | lesstif | 0.93.91 |
| lesstif | lesstif | 0.93.94 |
| suse | suse_linux | 9.2 |
| xfree86_project | x11r6 | 4.0.3 |
| x.org | x11r6 | 6.8.1 |
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| squid | squid | 2.5_.stable4 |
| openpkg | openpkg | 2.2 |
| squid | squid | 3.0_pre1 |
| openpkg | openpkg | current |
| squid | squid | 2.0_patch2 |
| squid | squid | 2.4_.stable7 |
| squid | squid | 2.3_.stable4 |
| squid | squid | 2.4_.stable2 |
| squid | squid | 2.5_.stable6 |
| squid | squid | 2.3_.stable5 |
| ubuntu | ubuntu_linux | 4.1 |
| squid | squid | 3.0_pre2 |
| trustix | secure_linux | 2.1 |
| redhat | fedora_core | core_2.0 |
| squid | squid | 2.5_.stable3 |
| squid | squid | 3.0_pre3 |
| gentoo | linux | * |
| trustix | secure_linux | 1.5 |
| trustix | secure_linux | 2.0 |
| squid | squid | 2.5_.stable5 |
| openpkg | openpkg | 2.1 |
| squid | squid | 2.5_.stable1 |
| squid | squid | 2.1_patch2 |
| squid | squid | 2.4 |
| squid | squid | 2.4_.stable6 |
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| samba | samba | 3.0.5 |
| sgi | samba | 3.0.6 |
| samba | samba | 3.0.3 |
| redhat | linux_advanced_workstation | 2.1 |
| sgi | samba | 3.0.3 |
| samba | samba | 3.0.0 |
| sgi | samba | 3.0.1 |
| sgi | samba | 3.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| conectiva | linux | 10.0 |
| sgi | samba | 3.0.4 |
| samba | samba | 3.0.4 |
| redhat | fedora_core | core_3.0 |
| samba | samba | 3.0.7 |
| sgi | samba | 3.0.2 |
| redhat | enterprise_linux | 2.1 |
| sgi | samba | 3.0.5 |
| samba | samba | 3.0.6 |
| sgi | samba | 3.0.7 |
| redhat | enterprise_linux | 3.0 |
| redhat | fedora_core | core_2.0 |
| gentoo | linux | * |
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| archive_zip | archive_zip | 1.13 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| archive_zip | archive_zip | 1.13 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| archive_zip | archive_zip | 1.13 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| archive_zip | archive_zip | 1.13 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| archive_zip | archive_zip | 1.13 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| archive_zip | archive_zip | 1.13 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| arj_software_inc. | unarj | 2.63_a |
| arj_software_inc. | unarj | 2.64 |
| arj_software_inc. | unarj | 2.62 |
| suse | suse_linux | 9.0 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| suse | suse_linux | 9.2 |
| arj_software_inc. | unarj | 2.65 |
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | groff | 1.19 |
| ubuntu | ubuntu_linux | 4.1 |
| gentoo | linux | * |
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lvm | logical_volume_management_utilities | 1.0.4 |
| lvm | logical_volume_management_utilities | 1.0.8 |
| gentoo | linux | * |
| lvm | logical_volume_management_utilities | 1.0.1 |
| lvm | logical_volume_management_utilities | 1.0.7 |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 0.9.6b |
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| openssl | openssl | 0.9.6a |
| openssl | openssl | 0.9.6i |
| mandrakesoft | mandrake_linux | 10.0 |
| openssl | openssl | 0.9.7c |
| openssl | openssl | 0.9.6 |
| openssl | openssl | 0.9.6k |
| openssl | openssl | 0.9.6l |
| openssl | openssl | 0.9.6c |
| openssl | openssl | 0.9.7d |
| openssl | openssl | 0.9.6m |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| openssl | openssl | 0.9.6d |
| openssl | openssl | 0.9.6g |
| openssl | openssl | 0.9.6f |
| openssl | openssl | 0.9.6e |
| openssl | openssl | 0.9.6j |
| openssl | openssl | 0.9.6h |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| mandrakesoft | mandrake_linux | 10.1 |
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| angus_mackay | ez-ipupdate | 3.0.11b8 |
| gentoo | linux | * |
| angus_mackay | ez-ipupdate | 3.0.11b5 |
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 6.0.7 |
| imagemagick | imagemagick | 5.4.3 |
| debian | debian_linux | 3.0 |
| imagemagick | imagemagick | 6.0.4 |
| suse | suse_linux | 8.1 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 6.0 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 6.0.5 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 6.0.3 |
| suse | suse_linux | 8.0 |
| imagemagick | imagemagick | 6.0.6 |
| imagemagick | imagemagick | 6.0.1 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| suse | suse_linux | 9.2 |
| imagemagick | imagemagick | 6.0.8 |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.0 |
| yukihiro_matsumoto | ruby | 1.8.2_pre1 |
| yukihiro_matsumoto | ruby | 1.8 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| yukihiro_matsumoto | ruby | 1.8.2_pre2 |
| yukihiro_matsumoto | ruby | 1.6 |
| yukihiro_matsumoto | ruby | 1.8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| yukihiro_matsumoto | ruby | 1.6.7 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux | 9.2 |
| mandrakesoft | mandrake_linux | 10.1 |
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openpkg | openpkg | 2.2 |
| gd_graphics_library | gdlib | 2.0.15 |
| suse | suse_linux | 8.2 |
| gd_graphics_library | gdlib | 2.0.27 |
| openpkg | openpkg | current |
| suse | suse_linux | 8.1 |
| gd_graphics_library | gdlib | 2.0.21 |
| trustix | secure_linux | 2.1 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| gd_graphics_library | gdlib | 2.0.23 |
| gd_graphics_library | gdlib | 2.0.28 |
| trustix | secure_linux | 1.5 |
| gd_graphics_library | gdlib | 1.8.4 |
| suse | suse_linux | 9.0 |
| trustix | secure_linux | 2.0 |
| trustix | secure_linux | 2.2 |
| gd_graphics_library | gdlib | 2.0.1 |
| gd_graphics_library | gdlib | 2.0.20 |
| suse | suse_linux | 8.0 |
| gd_graphics_library | gdlib | 2.0.22 |
| openpkg | openpkg | 2.1 |
| gd_graphics_library | gdlib | 2.0.26 |
| suse | suse_linux | 9.2 |
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| cscope | cscope | 15.5 |
| cscope | cscope | 15.1 |
| cscope | cscope | 13.0 |
| sco | unixware | 7.1.3 |
| sco | unixware | 7.1.4 |
| cscope | cscope | 15.3 |
| cscope | cscope | 15.4 |
| gentoo | linux | * |
| sco | unixware | 7.1.1 |
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enlightenment | imlib | 1.9.13 |
| redhat | linux | 9.0 |
| enlightenment | imlib | 1.9.14 |
| redhat | linux | 7.3 |
| gentoo | linux | * |
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enlightenment | imlib | 1.9.13 |
| redhat | linux | 9.0 |
| enlightenment | imlib | 1.9.14 |
| redhat | linux | 7.3 |
| gentoo | linux | * |
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| arjsoftware | unarj | 2.63 |
| arjsoftware | unarj | 2.65 |
| gentoo | linux | * |
| arjsoftware | unarj | 2.62 |
| arjsoftware | unarj | 2.64 |
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.1_02 |
| hp | hp-ux | 11.11 |
| sun | jre | 1.4 |
| symantec | gateway_security_5400 | 2.0.1 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.4 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_07 |
| gentoo | linux | * |
| sun | jre | 1.3.1_06 |
| hp | hp-ux | 11.00 |
| sun | jre | 1.3.1_07 |
| sun | jdk | 1.4.0_02 |
| sun | jdk | 1.4.1_01 |
| conectiva | linux | 10.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_09 |
| sun | jdk | 1.4.2_03 |
| sun | jdk | 1.4.2_04 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.0_04 |
| sun | jre | 1.4.1_02 |
| sun | jdk | 1.4.2_05 |
| sun | jre | 1.4.0_01 |
| symantec | enterprise_firewall | 8.0 |
| sun | jdk | 1.4.1 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.1_02 |
| sun | jdk | 1.4.2_02 |
| sun | jdk | 1.4.0_03 |
| hp | java_sdk-rte | 1.3 |
| sun | jdk | 1.4.1_03 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.4.1_07 |
| sun | jre | 1.4.1_01 |
| sun | jdk | 1.3.1_01a |
| sun | jdk | 1.4.0_4 |
| sun | jdk | 1.4.2_01 |
| sun | jdk | 1.4.0_01 |
| sun | jre | 1.4.0_03 |
| sun | jdk | 1.4.2 |
| hp | java_sdk-rte | 1.4 |
| symantec | gateway_security_5400 | 2.0 |
| sun | jre | 1.3.1_02 |
| sun | jdk | 1.3.1_06 |
| sun | jre | 1.3.1_03 |
| hp | hp-ux | 11.22 |
| sun | jre | 1.4.0_02 |
| hp | hp-ux | 11.23 |
| sun | jre | 1.4.1 |
| sun | jdk | 1.3.1_01 |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| thibault_godouet | fcron | 2.9.4 |
| thibault_godouet | fcron | 2.0.1 |
| gentoo | linux | * |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| thibault_godouet | fcron | 2.9.4 |
| thibault_godouet | fcron | 2.0.1 |
| gentoo | linux | * |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| thibault_godouet | fcron | 2.9.4 |
| thibault_godouet | fcron | 2.0.1 |
| gentoo | linux | * |
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| thibault_godouet | fcron | 2.9.4 |
| thibault_godouet | fcron | 2.0.1 |
| gentoo | linux | * |
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xine | gxine | 0.3 |
| kaffeine | kaffeine_player | 0.4.3 |
| gentoo | linux | * |
| kaffeine | kaffeine_player | 0.4.3b |
| kaffeine | kaffeine_player | 0.5_rc1 |
| kaffeine | kaffeine_player | 0.4.2 |
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| squirrelmail | squirrelmail | 1.2 |
| squirrelmail | squirrelmail | 1.4.3a |
| squirrelmail | squirrelmail | 1.5_dev |
| squirrelmail | squirrelmail | 1.4 |
| squirrelmail | squirrelmail | 1.2.6 |
| squirrelmail | squirrelmail | 1.2.11 |
| squirrelmail | squirrelmail | 1.4.1 |
| squirrelmail | squirrelmail | 1.0.5 |
| squirrelmail | squirrelmail | 1.2.3 |
| squirrelmail | squirrelmail | 1.2.7 |
| squirrelmail | squirrelmail | 1.2.2 |
| squirrelmail | squirrelmail | 1.4.3 |
| squirrelmail | squirrelmail | 1.4.2 |
| squirrelmail | squirrelmail | 1.0.4 |
| squirrelmail | squirrelmail | 1.2.10 |
| squirrelmail | squirrelmail | 1.2.9 |
| squirrelmail | squirrelmail | 1.4.3_rc1 |
| squirrelmail | squirrelmail | 1.2.1 |
| squirrelmail | squirrelmail | 1.2.5 |
| squirrelmail | squirrelmail | 1.2.8 |
| gentoo | linux | * |
| squirrelmail | squirrelmail | 1.2.4 |
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| twiki | twiki | 2003-02-01 |
| gentoo | linux | * |
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| bnc | bnc | 2.6.4 |
| bnc | bnc | 2.6.2 |
| bnc | bnc | 2.4.6 |
| bnc | bnc | 2.6 |
| bnc | bnc | 2.8.8 |
| gentoo | linux | * |
| bnc | bnc | 2.2.4 |
| bnc | bnc | 2.4.8 |
| bnc | bnc | 2.8.9 |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phpmyadmin | phpmyadmin | 2.5.5_pl1 |
| phpmyadmin | phpmyadmin | 2.5.1 |
| gentoo | linux | 1.4 |
| phpmyadmin | phpmyadmin | 2.5.2 |
| phpmyadmin | phpmyadmin | 2.5.7_pl1 |
| phpmyadmin | phpmyadmin | 2.5.6_rc1 |
| phpmyadmin | phpmyadmin | 2.5.7 |
| phpmyadmin | phpmyadmin | 2.5.4 |
| phpmyadmin | phpmyadmin | 2.5.5_rc2 |
| phpmyadmin | phpmyadmin | 2.6.0_pl1 |
| phpmyadmin | phpmyadmin | 2.5.0 |
| phpmyadmin | phpmyadmin | 2.6.0_pl2 |
| phpmyadmin | phpmyadmin | 2.5.5_rc1 |
| phpmyadmin | phpmyadmin | 2.5.5 |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.86 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_ez_antivirus | 6.2 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.85 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| mandrakesoft | mandrake_linux | 10.1 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_small_business_suite | 1.0 |
| gentoo | linux | 1.4 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | etrust_ez_antivirus | 6.1 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.82 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_armor | 2.3 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | 1.4.1 |
| gallery_project | gallery | 1.4.3_pl1 |
| gallery_project | gallery | 1.4_pl1 |
| gallery_project | gallery | 1.4.2 |
| gallery_project | gallery | 1.4 |
| gallery_project | gallery | 1.4_pl2 |
| gallery_project | gallery | 1.4.3_pl2 |
| gentoo | linux | * |
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jean-jacques_sarton | mtink | 0.9.32 |
| jean-jacques_sarton | mtink | 0.9.53 |
| jean-jacques_sarton | mtink | 0.9.52 |
| gentoo | linux | * |
| jean-jacques_sarton | mtink | 1.0.4 |
| jean-jacques_sarton | mtink | 0.9.33 |
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rssh | rssh | 2.2.2 |
| rssh | rssh | 2.0 |
| rssh | rssh | 2.2.1 |
| rssh | rssh | 2.1 |
| rssh | rssh | 2.2 |
| gentoo | linux | * |
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| scponly | scponly | 2.4 |
| scponly | scponly | 3.11 |
| scponly | scponly | 2.1 |
| scponly | scponly | 3.9 |
| scponly | scponly | 3.5 |
| scponly | scponly | 2.0 |
| scponly | scponly | 3.0 |
| scponly | scponly | 2.3 |
| gentoo | linux | * |
| scponly | scponly | 3.8 |
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | mirrorselect | 0.88 |
| gentoo | mirrorselect | 0.81 |
| gentoo | mirrorselect | 0.83 |
| gentoo | mirrorselect | 0.87 |
| gentoo | mirrorselect | 0.84 |
| gentoo | mirrorselect | 0.86 |
| gentoo | mirrorselect | 0.85 |
| gentoo | mirrorselect | 0.82 |
| gentoo | mirrorselect | 0.80 |
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| midnight_commander | midnight_commander | 4.5.49 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 8.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| midnight_commander | midnight_commander | 4.5.45 |
| debian | debian_linux | 3.0 |
| midnight_commander | midnight_commander | 4.5.47 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| midnight_commander | midnight_commander | 4.5.43 |
| midnight_commander | midnight_commander | 4.5.52 |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| midnight_commander | midnight_commander | 4.5.40 |
| midnight_commander | midnight_commander | 4.5.46 |
| turbolinux | turbolinux_server | 7.0 |
| midnight_commander | midnight_commander | 4.6 |
| midnight_commander | midnight_commander | 4.5.48 |
| midnight_commander | midnight_commander | 4.5.50 |
| midnight_commander | midnight_commander | 4.5.51 |
| midnight_commander | midnight_commander | 4.5.54 |
| suse | suse_linux | 9.0 |
| midnight_commander | midnight_commander | 4.5.44 |
| suse | suse_linux | 8.0 |
| midnight_commander | midnight_commander | 4.5.42 |
| midnight_commander | midnight_commander | 4.5.41 |
| midnight_commander | midnight_commander | 4.5.55 |
| turbolinux | turbolinux_workstation | 8.0 |
| suse | suse_linux | 9.2 |
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| file | file | 4.10 |
| file | file | 4.0 |
| file | file | 4.11 |
| file | file | 4.1 |
| trustix | secure_linux | 2.0 |
| trustix | secure_linux | 2.2 |
| file | file | 4.7 |
| file | file | 4.6 |
| file | file | 4.3 |
| file | file | 4.9 |
| trustix | secure_linux | 2.1 |
| file | file | 4.4 |
| file | file | 4.2 |
| gentoo | linux | * |
| file | file | 4.5 |
| file | file | 4.8 |
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | call_management_system_server | 8.0 |
| libtiff | libtiff | 3.7.0 |
| apple | mac_os_x_server | 10.3.1 |
| libtiff | libtiff | 3.5.1 |
| apple | mac_os_x | 10.3 |
| apple | mac_os_x | 10.3.3 |
| f5 | icontrol_service_manager | 1.3.5 |
| apple | mac_os_x | 10.3.5 |
| avaya | call_management_system_server | 13.0 |
| libtiff | libtiff | 3.5.5 |
| apple | mac_os_x | 10.3.9 |
| libtiff | libtiff | 3.6.0 |
| apple | mac_os_x | 10.3.7 |
| apple | mac_os_x_server | 10.3.7 |
| libtiff | libtiff | 3.5.4 |
| gentoo | linux | * |
| f5 | icontrol_service_manager | 1.3.4 |
| mandrakesoft | mandrake_linux | 10.0 |
| sco | unixware | 7.1.4 |
| conectiva | linux | 10.0 |
| apple | mac_os_x | 10.3.8 |
| avaya | call_management_system_server | 11.0 |
| libtiff | libtiff | 3.6.1 |
| avaya | interactive_response | 1.2.1 |
| sun | sunos | 5.8 |
| avaya | integrated_management | * |
| apple | mac_os_x_server | 10.3.6 |
| sun | sunos | 5.7 |
| avaya | interactive_response | * |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| avaya | cvlan | * |
| sgi | propack | 3.0 |
| conectiva | linux | 9.0 |
| avaya | mn100 | * |
| avaya | intuity_audix_lx | * |
| apple | mac_os_x_server | 10.3.4 |
| avaya | modular_messaging_message_storage_server | 1.1 |
| avaya | interactive_response | 1.3 |
| apple | mac_os_x_server | 10.3.9 |
| libtiff | libtiff | 3.5.7 |
| apple | mac_os_x | 10.3.1 |
| avaya | modular_messaging_message_storage_server | 2.0 |
| f5 | icontrol_service_manager | 1.3 |
| mandrakesoft | mandrake_linux | 10.1 |
| sun | solaris | 9.0 |
| libtiff | libtiff | 3.4 |
| avaya | call_management_system_server | 12.0 |
| apple | mac_os_x | 10.3.6 |
| libtiff | libtiff | 3.5.3 |
| apple | mac_os_x | 10.3.4 |
| sun | solaris | 7.0 |
| libtiff | libtiff | 3.5.2 |
| apple | mac_os_x_server | 10.3.2 |
| apple | mac_os_x_server | 10.3 |
| apple | mac_os_x_server | 10.3.5 |
| sun | solaris | 10.0 |
| sun | solaris | 8.0 |
| apple | mac_os_x_server | 10.3.3 |
| avaya | call_management_system_server | 9.0 |
| apple | mac_os_x_server | 10.3.8 |
| f5 | icontrol_service_manager | 1.3.6 |
| apple | mac_os_x | 10.3.2 |
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | tetex-bin | 2.0.2 |
| gentoo | linux | * |
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | 0.5 |
| gentoo | linux | 0.7 |
| gentoo | linux | 1.4 |
| gentoo | linux | 1.2 |
| gentoo | linux | 1.1a |
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 4.2 |
| freebsd | freebsd | 2.2.4 |
| freebsd | freebsd | 2.2 |
| freebsd | freebsd | 4.4 |
| cvs | cvs | 1.11.1_p1 |
| freebsd | freebsd | 2.2.5 |
| freebsd | freebsd | 3.2 |
| freebsd | freebsd | 4.7 |
| cvs | cvs | 1.12.2 |
| freebsd | freebsd | 3.3 |
| cvs | cvs | 1.12.5 |
| freebsd | freebsd | 5.0 |
| cvs | cvs | 1.11.6 |
| freebsd | freebsd | 2.1.0 |
| freebsd | freebsd | 4.1 |
| cvs | cvs | 1.11.16 |
| gentoo | linux | 1.4 |
| freebsd | freebsd | 3.5 |
| freebsd | freebsd | 4.6 |
| freebsd | freebsd | 5.1 |
| cvs | cvs | 1.11.4 |
| freebsd | freebsd | 4.8 |
| cvs | cvs | 1.10.7 |
| freebsd | freebsd | 2.0.5 |
| freebsd | freebsd | 2.2.2 |
| freebsd | freebsd | 2.2.3 |
| cvs | cvs | 1.11.14 |
| freebsd | freebsd | 1.1.5.1 |
| openbsd | openbsd | 3.5 |
| openpkg | openpkg | 1.3 |
| freebsd | freebsd | 2.0 |
| freebsd | freebsd | 2.1.6.1 |
| freebsd | freebsd | 2.2.6 |
| freebsd | freebsd | 4.5 |
| cvs | cvs | 1.12.8 |
| freebsd | freebsd | 3.5.1 |
| freebsd | freebsd | 4.3 |
| cvs | cvs | 1.11.3 |
| freebsd | freebsd | 3.4 |
| cvs | cvs | 1.12.1 |
| openpkg | openpkg | current |
| freebsd | freebsd | 2.1.5 |
| freebsd | freebsd | 5.2 |
| sgi | propack | 3.0 |
| cvs | cvs | 1.10.8 |
| freebsd | freebsd | 4.6.2 |
| cvs | cvs | 1.11.1 |
| freebsd | freebsd | 5.2.1 |
| freebsd | freebsd | 3.1 |
| cvs | cvs | 1.11.15 |
| cvs | cvs | 1.12.7 |
| cvs | cvs | 1.11 |
| cvs | cvs | 1.11.2 |
| freebsd | freebsd | 2.1.6 |
| openbsd | openbsd | current |
| freebsd | freebsd | 2.1.7.1 |
| freebsd | freebsd | 4.9 |
| freebsd | freebsd | 4.10 |
| freebsd | freebsd | 2.2.8 |
| freebsd | freebsd | 4.0 |
| freebsd | freebsd | 4.1.1 |
| sgi | propack | 2.4 |
| cvs | cvs | 1.11.11 |
| freebsd | freebsd | 3.0 |
| cvs | cvs | 1.11.10 |
| openpkg | openpkg | 2.0 |
| cvs | cvs | 1.11.5 |
| openbsd | openbsd | 3.4 |
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 4.2 |
| suse | suse_linux | 7.1 |
| suse | suse_linux | 7.2 |
| suse | suse_linux | 8.2 |
| kde | kde | 3.2.3 |
| suse | suse_linux | 4.4.1 |
| suse | suse_linux | 4.0 |
| suse | suse_linux | 5.1 |
| suse | suse_linux | 4.3 |
| suse | suse_linux | 7.3 |
| suse | suse_linux | 7.0 |
| suse | suse_linux | 6.0 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 2.0 |
| opera | opera_browser | * |
| gentoo | linux | * |
| suse | suse_linux | 9.1 |
| suse | suse_linux | 4.4 |
| suse | suse_linux | 3.0 |
| suse | suse_linux | 5.0 |
| suse | suse_linux | 5.3 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 1.0 |
| suse | suse_linux | 6.3 |
| suse | suse_linux | 5.2 |
| suse | suse_linux | 6.4 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 6.2 |
| suse | suse_linux | 6.1 |
| suse | suse_linux | 9.2 |
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| the_cacti_group | cacti | 0.8.3a |
| the_cacti_group | cacti | 0.6.3 |
| the_cacti_group | cacti | 0.8.1 |
| gentoo | linux | 1.4 |
| the_cacti_group | cacti | 0.8 |
| the_cacti_group | cacti | 0.8.3 |
| the_cacti_group | cacti | 0.8.5 |
| the_cacti_group | cacti | 0.6.2 |
| the_cacti_group | cacti | 0.6.8 |
| the_cacti_group | cacti | 0.6.4 |
| the_cacti_group | cacti | 0.6.5 |
| the_cacti_group | cacti | 0.6.7 |
| the_cacti_group | cacti | 0.8.5a |
| the_cacti_group | cacti | 0.6.8a |
| the_cacti_group | cacti | 0.6.6 |
| the_cacti_group | cacti | 0.8.2a |
| the_cacti_group | cacti | 0.8.4 |
| the_cacti_group | cacti | 0.6.1 |
| the_cacti_group | cacti | 0.6 |
| the_cacti_group | cacti | 0.8.2 |
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | portage | * |
| gentoo | portage | 2.0.50 |
| gentoo | linux | 1.4 |
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| the_pax_team | pax_linux | 2.6.5 |
| gentoo | linux | 1.4 |
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | portage | * |
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | poppassd_pam | * |
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.2.0.7 |
| imagemagick | imagemagick | 6.1.3 |
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 6.0.7 |
| imagemagick | imagemagick | 6.2.0.4 |
| imagemagick | imagemagick | 6.1.1.6 |
| sgi | propack | 3.0 |
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 6.0.2 |
| imagemagick | imagemagick | 6.1 |
| debian | debian_linux | 3.0 |
| graphicsmagick | graphicsmagick | 1.1.4 |
| gentoo | linux | 0.7 |
| imagemagick | imagemagick | 6.0.4 |
| imagemagick | imagemagick | 6.1.6 |
| suse | suse_linux | 8.1 |
| imagemagick | imagemagick | 6.1.2 |
| graphicsmagick | graphicsmagick | 1.1.3 |
| suse | suse_linux | 9.1 |
| gentoo | linux | 1.1a |
| gentoo | linux | 1.4 |
| imagemagick | imagemagick | 6.1.5 |
| graphicsmagick | graphicsmagick | 1.0.6 |
| imagemagick | imagemagick | 6.0 |
| imagemagick | imagemagick | 6.0.2.5 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 6.0.5 |
| imagemagick | imagemagick | 6.1.7 |
| gentoo | linux | 0.5 |
| imagemagick | imagemagick | 6.0.3 |
| suse | suse_linux | 8.0 |
| imagemagick | imagemagick | 6.0.6 |
| imagemagick | imagemagick | 6.0.1 |
| imagemagick | imagemagick | 6.1.4 |
| gentoo | linux | 1.2 |
| graphicsmagick | graphicsmagick | 1.1 |
| imagemagick | imagemagick | 5.4.7 |
| graphicsmagick | graphicsmagick | 1.0 |
| suse | suse_linux | 9.2 |
| imagemagick | imagemagick | 6.0.8 |
| imagemagick | imagemagick | 6.2 |
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| ubuntu | ubuntu_linux | 4.10 |
| gentoo | linux | * |
| redhat | enterprise_linux | 4.0 |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy_software_products | cups | 1.1.12 |
| easy_software_products | cups | 1.1.10 |
| suse | suse_linux | 7.1 |
| kde | kde | 3.2.3 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 4.0 |
| easy_software_products | cups | 1.1.6 |
| easy_software_products | cups | 1.1.20 |
| xpdf | xpdf | 0.93 |
| suse | suse_linux | 4.3 |
| easy_software_products | cups | 1.1.1 |
| pdftohtml | pdftohtml | 0.33a |
| gnome | gpdf | 0.131 |
| suse | suse_linux | 6.0 |
| kde | kde | 3.2 |
| redhat | enterprise_linux | 3.0 |
| pdftohtml | pdftohtml | 0.32a |
| pdftohtml | pdftohtml | 0.33 |
| gnome | gpdf | 0.110 |
| suse | suse_linux | 3.0 |
| suse | suse_linux | 5.3 |
| redhat | enterprise_linux_desktop | 3.0 |
| pdftohtml | pdftohtml | 0.34 |
| easy_software_products | cups | 1.1.15 |
| suse | suse_linux | 1.0 |
| easy_software_products | cups | 1.0.4_8 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 6.1 |
| suse | suse_linux | 9.2 |
| easy_software_products | cups | 1.1.4_2 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| sgi | propack | 3.0 |
| suse | suse_linux | 7.3 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 7.0 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| kde | koffice | 1.3_beta2 |
| easy_software_products | cups | 1.1.7 |
| easy_software_products | cups | 1.1.14 |
| pdftohtml | pdftohtml | 0.32b |
| kde | koffice | 1.3_beta1 |
| kde | koffice | 1.3 |
| ascii | ptex | 3.1.4 |
| xpdf | xpdf | 0.90 |
| suse | suse_linux | 6.3 |
| redhat | fedora_core | core_3.0 |
| easy_software_products | cups | 1.1.16 |
| kde | koffice | 1.3.3 |
| easy_software_products | cups | 1.1.19_rc5 |
| easy_software_products | cups | 1.1.4 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.17 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.3.1 |
| suse | suse_linux | 7.2 |
| xpdf | xpdf | 0.91 |
| easy_software_products | cups | 1.1.4_5 |
| suse | suse_linux | 5.1 |
| gnome | gpdf | 0.112 |
| xpdf | xpdf | 0.92 |
| kde | koffice | 1.3.1 |
| tetex | tetex | 2.0.1 |
| gentoo | linux | * |
| sgi | advanced_linux_environment | 3.0 |
| suse | suse_linux | 4.4 |
| xpdf | xpdf | 2.1 |
| tetex | tetex | 2.0 |
| tetex | tetex | 1.0.6 |
| xpdf | xpdf | 2.3 |
| cstex | cstetex | 2.0.2 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 5.2 |
| suse | suse_linux | 6.4 |
| easy_software_products | cups | 1.0.4 |
| easy_software_products | cups | 1.1.19 |
| easy_software_products | cups | 1.1.18 |
| suse | suse_linux | 6.2 |
| kde | kde | 3.2.2 |
| pdftohtml | pdftohtml | 0.35 |
| kde | kde | 3.2.1 |
| tetex | tetex | 2.0.2 |
| suse | suse_linux | 4.2 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 4.4.1 |
| xpdf | xpdf | 2.0 |
| kde | koffice | 1.3.2 |
| ubuntu | ubuntu_linux | 4.1 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 2.0 |
| tetex | tetex | 1.0.7 |
| redhat | fedora_core | core_2.0 |
| suse | suse_linux | 9.1 |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.1.4_3 |
| kde | kde | 3.3 |
| kde | koffice | 1.3_beta3 |
| suse | suse_linux | 5.0 |
| xpdf | xpdf | 1.0 |
| pdftohtml | pdftohtml | 0.36 |
| xpdf | xpdf | 1.0a |
| easy_software_products | cups | 1.1.13 |
| redhat | linux | 9.0 |
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | webmin | 1.160 |
| gentoo | webmin | 1.140 |
| gentoo | webmin | 1.170 |
| gentoo | webmin | 1.150 |
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wpa_supplicant | wpa_supplicant | 0.2 |
| wpa_supplicant | wpa_supplicant | 0.2.1 |
| wpa_supplicant | wpa_supplicant | 0.2.4 |
| wpa_supplicant | wpa_supplicant | 0.2.5 |
| wpa_supplicant | wpa_supplicant | 0.2.6 |
| wpa_supplicant | wpa_supplicant | 0.2.3 |
| gentoo | linux | * |
| suse | suse_linux | 9.2 |
| wpa_supplicant | wpa_supplicant | 0.2.2 |
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 1.3 |
| mediawiki | mediawiki | 1.3.7 |
| mediawiki | mediawiki | 1.3.2 |
| mediawiki | mediawiki | 1.3.4 |
| mediawiki | mediawiki | 1.3.1 |
| mediawiki | mediawiki | 1.3.10 |
| mediawiki | mediawiki | 1.3.3 |
| mediawiki | mediawiki | 1.3.5 |
| mediawiki | mediawiki | 1.3.6 |
| gentoo | linux | * |
| mediawiki | mediawiki | 1.3.8 |
| mediawiki | mediawiki | 1.3.9 |
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sylpheed | sylpheed | 0.9.9 |
| sylpheed | sylpheed | 1.0.1 |
| redhat | linux_advanced_workstation | 2.1 |
| sylpheed | sylpheed | 0.9.6 |
| sylpheed | sylpheed | 1.0.0 |
| sylpheed | sylpheed | 1.0.2 |
| sylpheed | sylpheed | 0.9.8 |
| sylpheed | sylpheed | 0.9.10 |
| sylpheed | sylpheed | 0.9.11 |
| redhat | fedora_core | core_3.0 |
| altlinux | alt_linux | 2.3 |
| sylpheed | sylpheed | 0.9.5 |
| sylpheed | sylpheed | 0.9.4 |
| sylpheed | sylpheed | 0.9.7 |
| redhat | enterprise_linux | 2.1 |
| sylpheed-claws | sylpheed-claws | 1.0.2 |
| sylpheed | sylpheed | 0.8.11 |
| sylpheed | sylpheed | 0.9.12 |
| sylpheed | sylpheed | 0.9.99 |
| gentoo | linux | * |
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3 |
| kde | kde | 3.3.1 |
| kde | kde | 3.2.3 |
| conectiva | linux | 10.0 |
| conectiva | linux | 9.0 |
| redhat | fedora_core | core_3.0 |
| kde | kde | 3.3.2 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | kde | 3.2.2 |
| kde | kde | 3.2 |
| kde | quanta | 3.1 |
| kde | kde | 3.2.1 |
| gentoo | linux | * |
| kde | kde | 3.4 |
| ubuntu | ubuntu_linux | 5.04 |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 4.2 |
| redhat | linux_advanced_workstation | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| turbolinux | turbolinux_home | * |
| freebsd | freebsd | 4.4 |
| freebsd | freebsd | 5.3 |
| turbolinux | turbolinux_workstation | 7.0 |
| gnu | gzip | 1.2.4a |
| freebsd | freebsd | 5.2 |
| freebsd | freebsd | 4.7 |
| freebsd | freebsd | 4.6.2 |
| redhat | enterprise_linux | 2.1 |
| freebsd | freebsd | 5.4 |
| gnu | gzip | 1.2.4 |
| ubuntu | ubuntu_linux | 4.1 |
| freebsd | freebsd | 5.0 |
| freebsd | freebsd | 5.2.1 |
| turbolinux | turbolinux_desktop | 10.0 |
| trustix | secure_linux | 2.1 |
| redhat | enterprise_linux | 3.0 |
| gentoo | linux | * |
| turbolinux | turbolinux_server | 7.0 |
| freebsd | freebsd | 4.1 |
| gnu | gzip | 1.3.3 |
| redhat | enterprise_linux_desktop | 4.0 |
| freebsd | freebsd | 4.6 |
| freebsd | freebsd | 5.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| freebsd | freebsd | 4.8 |
| freebsd | freebsd | 4.9 |
| freebsd | freebsd | 4.10 |
| trustix | secure_linux | 2.0 |
| freebsd | freebsd | 4.11 |
| redhat | enterprise_linux | 4.0 |
| freebsd | freebsd | 4.0 |
| trustix | secure_linux | 2.2 |
| freebsd | freebsd | 4.1.1 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting |
| turbolinux | turbolinux_server | 10.0 |
| freebsd | freebsd | 4.5 |
| freebsd | freebsd | 4.3 |
| turbolinux | turbolinux_workstation | 8.0 |
| ubuntu | ubuntu_linux | 5.04 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup |
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| igor_khasilev | oops_proxy_server | 1.4.22 |
| gentoo | linux | * |
| igor_khasilev | oops_proxy_server | 1.5.19 |
| igor_khasilev | oops_proxy_server | 1.5.53 |
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.8.2 |
| lbl | tcpdump | 3.4 |
| lbl | tcpdump | 3.7.2 |
| lbl | tcpdump | 3.7.1 |
| mandrakesoft | mandrake_linux | 10.2 |
| lbl | tcpdump | 3.8.1 |
| trustix | secure_linux | 2.0 |
| lbl | tcpdump | 3.8.3 |
| redhat | fedora_core | core_3.0 |
| lbl | tcpdump | 3.5_alpha |
| trustix | secure_linux | 2.2 |
| lbl | tcpdump | 3.9.1 |
| lbl | tcpdump | 3.6.3 |
| lbl | tcpdump | 3.9 |
| lbl | tcpdump | 3.7 |
| lbl | tcpdump | 3.5 |
| lbl | tcpdump | 3.5.2 |
| trustix | secure_linux | 2.1 |
| redhat | fedora_core | core_4.0 |
| lbl | tcpdump | 3.4a6 |
| gentoo | linux | * |
| lbl | tcpdump | 3.6.2 |
| mandrakesoft | mandrake_linux | 10.1 |
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | rootkit_hunter | 1.2 |
| gentoo | rootkit_hunter | 1.2.2 |
| gentoo | rootkit_hunter | 1.2.3 |
| gentoo | rootkit_hunter | 1.2.1 |
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux_webapp-config | 1.10 |
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mantis | mantis | 0.19.1 |
| mantis | mantis | 0.19.0a2 |
| mantis | mantis | 1.0.0a3 |
| debian | debian_linux | 3.1 |
| mantis | mantis | 1.0.0a1 |
| mantis | mantis | 0.19.0_rc1 |
| mantis | mantis | 1.0.0a2 |
| gentoo | linux | * |
| mantis | mantis | 0.19.2 |
| mantis | mantis | 0.19.0a1 |
| mantis | mantis | 0.19.0 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| mandrakesoft | mandrake_linux | 2006 |
| ubuntu | ubuntu_linux | 5.10 |
| easy_software_products | cups | 1.1.23 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 9.3 |
| turbolinux | turbolinux_personal | * |
| easy_software_products | cups | 1.1.22_rc1 |
| kde | koffice | 1.4 |
| turbolinux | turbolinux_multimedia | * |
| kde | kdegraphics | 3.4.3 |
| tetex | tetex | 2.0.1 |
| kde | kdegraphics | 3.2 |
| redhat | enterprise_linux | 3.0 |
| slackware | slackware_linux | 9.1 |
| tetex | tetex | 3.0 |
| gentoo | linux | * |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| tetex | tetex | 2.0 |
| libextractor | libextractor | * |
| mandrakesoft | mandrake_linux | 10.2 |
| debian | debian_linux | 3.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| slackware | slackware_linux | 9.0 |
| conectiva | linux | 10.0 |
| suse | suse_linux | 9.0 |
| kde | kpdf | 3.4.3 |
| suse | suse_linux | 1.0 |
| trustix | secure_linux | 2.0 |
| redhat | enterprise_linux | 4.0 |
| trustix | secure_linux | 2.2 |
| turbolinux | turbolinux_workstation | 8.0 |
| redhat | fedora_core | core_4.0 |
| redhat | linux | 7.3 |
| easy_software_products | cups | 1.1.22 |
| suse | suse_linux | 9.2 |
| tetex | tetex | 2.0.2 |
| easy_software_products | cups | 1.1.23_rc1 |
| turbolinux | turbolinux_server | 8.0 |
| turbolinux | turbolinux_home | * |
| kde | kword | 1.4.2 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| sgi | propack | 3.0 |
| redhat | fedora_core | core_1.0 |
| sco | openserver | 5.0.7 |
| slackware | slackware_linux | 10.0 |
| slackware | slackware_linux | 10.1 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| kde | koffice | 1.4.1 |
| ubuntu | ubuntu_linux | 4.1 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux | fuji |
| tetex | tetex | 1.0.7 |
| redhat | fedora_core | core_2.0 |
| kde | koffice | 1.4.2 |
| turbolinux | turbolinux | 10 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| xpdf | xpdf | 3.0 |
| trustix | secure_linux | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| poppler | poppler | 0.4.2 |
| slackware | slackware_linux | 10.2 |
| redhat | fedora_core | core_3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| redhat | linux | 9.0 |
| turbolinux | turbolinux_server | 10.0 |
| turbolinux | turbolinux_server | 10.0_x86 |
| suse | suse_linux | 10.0 |
| ubuntu | ubuntu_linux | 5.04 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| mandrakesoft | mandrake_linux | 2006 |
| ubuntu | ubuntu_linux | 5.10 |
| easy_software_products | cups | 1.1.23 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 9.3 |
| turbolinux | turbolinux_personal | * |
| easy_software_products | cups | 1.1.22_rc1 |
| kde | koffice | 1.4 |
| turbolinux | turbolinux_multimedia | * |
| kde | kdegraphics | 3.4.3 |
| tetex | tetex | 2.0.1 |
| kde | kdegraphics | 3.2 |
| redhat | enterprise_linux | 3.0 |
| slackware | slackware_linux | 9.1 |
| tetex | tetex | 3.0 |
| gentoo | linux | * |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| tetex | tetex | 2.0 |
| libextractor | libextractor | * |
| mandrakesoft | mandrake_linux | 10.2 |
| debian | debian_linux | 3.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| slackware | slackware_linux | 9.0 |
| conectiva | linux | 10.0 |
| suse | suse_linux | 9.0 |
| kde | kpdf | 3.4.3 |
| suse | suse_linux | 1.0 |
| trustix | secure_linux | 2.0 |
| redhat | enterprise_linux | 4.0 |
| trustix | secure_linux | 2.2 |
| turbolinux | turbolinux_workstation | 8.0 |
| redhat | fedora_core | core_4.0 |
| redhat | linux | 7.3 |
| easy_software_products | cups | 1.1.22 |
| suse | suse_linux | 9.2 |
| tetex | tetex | 2.0.2 |
| easy_software_products | cups | 1.1.23_rc1 |
| turbolinux | turbolinux_server | 8.0 |
| turbolinux | turbolinux_home | * |
| kde | kword | 1.4.2 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| sgi | propack | 3.0 |
| redhat | fedora_core | core_1.0 |
| sco | openserver | 5.0.7 |
| slackware | slackware_linux | 10.0 |
| slackware | slackware_linux | 10.1 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| kde | koffice | 1.4.1 |
| ubuntu | ubuntu_linux | 4.1 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux | fuji |
| tetex | tetex | 1.0.7 |
| redhat | fedora_core | core_2.0 |
| kde | koffice | 1.4.2 |
| turbolinux | turbolinux | 10 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| xpdf | xpdf | 3.0 |
| trustix | secure_linux | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| poppler | poppler | 0.4.2 |
| slackware | slackware_linux | 10.2 |
| redhat | fedora_core | core_3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| redhat | linux | 9.0 |
| turbolinux | turbolinux_server | 10.0 |
| turbolinux | turbolinux_server | 10.0_x86 |
| suse | suse_linux | 10.0 |
| ubuntu | ubuntu_linux | 5.04 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux_advanced_workstation | 2.1 |
| mandrakesoft | mandrake_linux | 2006 |
| ubuntu | ubuntu_linux | 5.10 |
| easy_software_products | cups | 1.1.23 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 9.3 |
| turbolinux | turbolinux_personal | * |
| easy_software_products | cups | 1.1.22_rc1 |
| kde | koffice | 1.4 |
| turbolinux | turbolinux_multimedia | * |
| kde | kdegraphics | 3.4.3 |
| tetex | tetex | 2.0.1 |
| kde | kdegraphics | 3.2 |
| redhat | enterprise_linux | 3.0 |
| slackware | slackware_linux | 9.1 |
| tetex | tetex | 3.0 |
| gentoo | linux | * |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| tetex | tetex | 2.0 |
| libextractor | libextractor | * |
| mandrakesoft | mandrake_linux | 10.2 |
| debian | debian_linux | 3.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| slackware | slackware_linux | 9.0 |
| conectiva | linux | 10.0 |
| suse | suse_linux | 9.0 |
| kde | kpdf | 3.4.3 |
| suse | suse_linux | 1.0 |
| trustix | secure_linux | 2.0 |
| redhat | enterprise_linux | 4.0 |
| trustix | secure_linux | 2.2 |
| turbolinux | turbolinux_workstation | 8.0 |
| redhat | fedora_core | core_4.0 |
| redhat | linux | 7.3 |
| easy_software_products | cups | 1.1.22 |
| suse | suse_linux | 9.2 |
| tetex | tetex | 2.0.2 |
| easy_software_products | cups | 1.1.23_rc1 |
| turbolinux | turbolinux_server | 8.0 |
| turbolinux | turbolinux_home | * |
| kde | kword | 1.4.2 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| sgi | propack | 3.0 |
| redhat | fedora_core | core_1.0 |
| sco | openserver | 5.0.7 |
| slackware | slackware_linux | 10.0 |
| slackware | slackware_linux | 10.1 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| kde | koffice | 1.4.1 |
| ubuntu | ubuntu_linux | 4.1 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux | fuji |
| tetex | tetex | 1.0.7 |
| redhat | fedora_core | core_2.0 |
| kde | koffice | 1.4.2 |
| turbolinux | turbolinux | 10 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| xpdf | xpdf | 3.0 |
| trustix | secure_linux | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| poppler | poppler | 0.4.2 |
| slackware | slackware_linux | 10.2 |
| redhat | fedora_core | core_3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| redhat | linux | 9.0 |
| turbolinux | turbolinux_server | 10.0 |
| turbolinux | turbolinux_server | 10.0_x86 |
| suse | suse_linux | 10.0 |
| ubuntu | ubuntu_linux | 5.04 |
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux_eix | * |
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | qt-unixodbc | * |
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | nview | 4.51 |
| gentoo | xnview | 1.70 |
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
| gentoo | app-crypt_pinentry | 0.7.2 |
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | 0.5 |
| gentoo | linux | 0.7 |
| gentoo | linux | 1.4 |
| gentoo | linux | 1.2 |
| gentoo | linux | 1.1a |
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | media-libs_jpeg | 6b |
| gentoo | linux | * |
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | glibc | * |
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | xdg-utils | * |
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
| rpath | rpath_linux | * |
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | fence | 2.02.00 |
| gentoo | cman | 2.02.00 |
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | fence | 2.02.00 |
| gentoo | cman | 2.02.00 |
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | 3.3 |
| gentoo | logrotate | 3.6.5 |
| gentoo | logrotate | 3.7.7 |
| gentoo | logrotate | 3.7 |
| gentoo | logrotate | 3.7.2 |
| gentoo | logrotate | 3.7.6 |
| gentoo | logrotate | 3.5.9 |
| gentoo | logrotate | 3.7.1 |
| gentoo | logrotate | 3.7.8 |
| gentoo | logrotate | * |
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | 3.3 |
| gentoo | logrotate | 3.6.5 |
| gentoo | logrotate | 3.7.7 |
| gentoo | logrotate | 3.7 |
| gentoo | logrotate | 3.7.2 |
| gentoo | logrotate | 3.7.6 |
| gentoo | logrotate | 3.5.9 |
| gentoo | logrotate | 3.7.1 |
| gentoo | logrotate | 3.7.8 |
| gentoo | logrotate | * |
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | 3.3 |
| gentoo | logrotate | 3.6.5 |
| gentoo | logrotate | 3.7.7 |
| gentoo | logrotate | 3.7 |
| gentoo | logrotate | 3.7.2 |
| gentoo | logrotate | 3.7.6 |
| gentoo | logrotate | 3.5.9 |
| gentoo | logrotate | 3.7.1 |
| gentoo | logrotate | 3.7.8 |
| gentoo | logrotate | * |
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | * |
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | * |
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | logrotate | * |
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.3 |
| open_source_development_team | sthttpd | * |
| open_source_development_team | sthttpd | 2.26.3 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 12.2 |
| fedoraproject | fedora | 17 |
| open_source_development_team | sthttpd | 2.26 |
| open_source_development_team | sthttpd | 2.26.1 |
| open_source_development_team | sthttpd | 2.26.2 |
| acme | thttpd | 2.25 |
| fedoraproject | fedora | 18 |
| gentoo | linux | * |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 1.13.3 |
| mediawiki | mediawiki | 1.20.1 |
| mediawiki | mediawiki | 1.11.0 |
| mediawiki | mediawiki | 1.11.2 |
| mediawiki | mediawiki | 1.12.1 |
| mediawiki | mediawiki | 1.1.0 |
| mediawiki | mediawiki | 1.19 |
| mediawiki | mediawiki | 1.15.4 |
| gentoo | linux | * |
| mediawiki | mediawiki | 1.18.1 |
| mediawiki | mediawiki | 1.15.1 |
| mediawiki | mediawiki | 1.16.1 |
| mediawiki | mediawiki | 1.19.3 |
| mediawiki | mediawiki | 1.19.4 |
| mediawiki | mediawiki | 1.17.2 |
| mediawiki | mediawiki | 1.15.3 |
| mediawiki | mediawiki | 1.10.1 |
| mediawiki | mediawiki | 1.18 |
| mediawiki | mediawiki | 1.10.4 |
| mediawiki | mediawiki | 1.19.2 |
| mediawiki | mediawiki | 1.20.2 |
| mediawiki | mediawiki | 1.12.2 |
| mediawiki | mediawiki | 1.16.2 |
| mediawiki | mediawiki | 1.10.2 |
| mediawiki | mediawiki | 1.10.0 |
| mediawiki | mediawiki | 1.15.2 |
| mediawiki | mediawiki | 1.14.0 |
| mediawiki | mediawiki | * |
| mediawiki | mediawiki | 1.18.3 |
| mediawiki | mediawiki | 1.17.3 |
| mediawiki | mediawiki | 1.15.0 |
| mediawiki | mediawiki | 1.19.1 |
| mediawiki | mediawiki | 1.18.0 |
| mediawiki | mediawiki | 1.20.4 |
| mediawiki | mediawiki | 1.13.0 |
| mediawiki | mediawiki | 1.18.2 |
| mediawiki | mediawiki | 1.17.1 |
| mediawiki | mediawiki | 1.16.0 |
| mediawiki | mediawiki | 1.20.3 |
| mediawiki | mediawiki | 1.10.3 |
| mediawiki | mediawiki | 1.17.0 |
| mediawiki | mediawiki | 1.19.0 |
| mediawiki | mediawiki | 1.17.4 |
| mediawiki | mediawiki | 1.11 |
| mediawiki | mediawiki | 1.13.4 |
| mediawiki | mediawiki | 1.17 |
| mediawiki | mediawiki | 1.15.5 |
| mediawiki | mediawiki | 1.13.2 |
| mediawiki | mediawiki | 1.12.3 |
| mediawiki | mediawiki | 1.11.1 |
| mediawiki | mediawiki | 1.14.1 |
| mediawiki | mediawiki | 1.12.0 |
| mediawiki | mediawiki | 1.12.4 |
| mediawiki | mediawiki | 1.13.1 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 1.13.3 |
| mediawiki | mediawiki | 1.20.1 |
| mediawiki | mediawiki | 1.11.0 |
| mediawiki | mediawiki | 1.11.2 |
| mediawiki | mediawiki | 1.12.1 |
| fedoraproject | fedora | 18 |
| mediawiki | mediawiki | 1.1.0 |
| mediawiki | mediawiki | 1.19 |
| mediawiki | mediawiki | 1.15.4 |
| gentoo | linux | * |
| mediawiki | mediawiki | 1.18.1 |
| mediawiki | mediawiki | 1.15.1 |
| mediawiki | mediawiki | 1.16.1 |
| mediawiki | mediawiki | 1.19.3 |
| mediawiki | mediawiki | 1.19.4 |
| mediawiki | mediawiki | 1.17.2 |
| mediawiki | mediawiki | 1.15.3 |
| mediawiki | mediawiki | 1.10.1 |
| mediawiki | mediawiki | 1.18 |
| mediawiki | mediawiki | 1.10.4 |
| mediawiki | mediawiki | 1.19.2 |
| mediawiki | mediawiki | 1.20.2 |
| mediawiki | mediawiki | 1.12.2 |
| mediawiki | mediawiki | 1.16.2 |
| mediawiki | mediawiki | 1.10.2 |
| mediawiki | mediawiki | 1.10.0 |
| mediawiki | mediawiki | 1.15.2 |
| mediawiki | mediawiki | 1.14.0 |
| mediawiki | mediawiki | * |
| mediawiki | mediawiki | 1.18.3 |
| mediawiki | mediawiki | 1.17.3 |
| mediawiki | mediawiki | 1.15.0 |
| mediawiki | mediawiki | 1.19.1 |
| mediawiki | mediawiki | 1.18.0 |
| mediawiki | mediawiki | 1.20.4 |
| mediawiki | mediawiki | 1.13.0 |
| mediawiki | mediawiki | 1.18.2 |
| mediawiki | mediawiki | 1.17.1 |
| mediawiki | mediawiki | 1.16.0 |
| mediawiki | mediawiki | 1.20.3 |
| mediawiki | mediawiki | 1.10.3 |
| mediawiki | mediawiki | 1.17.0 |
| mediawiki | mediawiki | 1.19.0 |
| mediawiki | mediawiki | 1.17.4 |
| mediawiki | mediawiki | 1.11 |
| mediawiki | mediawiki | 1.13.4 |
| mediawiki | mediawiki | 1.17 |
| mediawiki | mediawiki | 1.15.5 |
| fedoraproject | fedora | 17 |
| mediawiki | mediawiki | 1.13.2 |
| fedoraproject | fedora | 19 |
| mediawiki | mediawiki | 1.12.3 |
| mediawiki | mediawiki | 1.11.1 |
| mediawiki | mediawiki | 1.14.1 |
| mediawiki | mediawiki | 1.12.0 |
| mediawiki | mediawiki | 1.12.4 |
| mediawiki | mediawiki | 1.13.1 |
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | portage | 2.1.12 |
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | nullmailer | 1.11 |
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| transmissionbt | transmission | 2.33 |
| transmissionbt | transmission | 1.72 |
| transmissionbt | transmission | 1.92 |
| transmissionbt | transmission | 1.42 |
| transmissionbt | transmission | 1.30 |
| transmissionbt | transmission | 0.95 |
| transmissionbt | transmission | 1.90 |
| transmissionbt | transmission | * |
| transmissionbt | transmission | 1.54 |
| transmissionbt | transmission | 1.53 |
| transmissionbt | transmission | 2.10 |
| fedoraproject | fedora | 20 |
| transmissionbt | transmission | 2.12 |
| transmissionbt | transmission | 2.32 |
| transmissionbt | transmission | 1.51 |
| transmissionbt | transmission | 2.11 |
| transmissionbt | transmission | 1.10 |
| transmissionbt | transmission | 1.93 |
| transmissionbt | transmission | 2.21 |
| transmissionbt | transmission | 1.75 |
| transmissionbt | transmission | 2.76 |
| transmissionbt | transmission | 1.00 |
| transmissionbt | transmission | 0.94 |
| transmissionbt | transmission | 1.80 |
| transmissionbt | transmission | 2.82 |
| transmissionbt | transmission | 0.4 |
| transmissionbt | transmission | 1.11 |
| transmissionbt | transmission | 2.80 |
| transmissionbt | transmission | 1.2 |
| transmissionbt | transmission | 2.61 |
| transmissionbt | transmission | 2.50 |
| transmissionbt | transmission | 1.34 |
| transmissionbt | transmission | 2.75 |
| transmissionbt | transmission | 1.20 |
| transmissionbt | transmission | 0.1 |
| transmissionbt | transmission | 1.52 |
| transmissionbt | transmission | 1.82 |
| transmissionbt | transmission | 2.42 |
| transmissionbt | transmission | 0.6.1 |
| transmissionbt | transmission | 2.70 |
| transmissionbt | transmission | 0.96 |
| transmissionbt | transmission | 1.61 |
| transmissionbt | transmission | 1.81 |
| transmissionbt | transmission | 0.80 |
| transmissionbt | transmission | 1.50 |
| transmissionbt | transmission | 2.60 |
| transmissionbt | transmission | 2.31 |
| transmissionbt | transmission | 2.72 |
| transmissionbt | transmission | 1.83 |
| transmissionbt | transmission | 1.03 |
| transmissionbt | transmission | 2.00 |
| transmissionbt | transmission | 2.13 |
| transmissionbt | transmission | 2.03 |
| transmissionbt | transmission | 0.81 |
| transmissionbt | transmission | 0.3 |
| transmissionbt | transmission | 0.90 |
| transmissionbt | transmission | 2.71 |
| transmissionbt | transmission | 1.01 |
| transmissionbt | transmission | 2.04 |
| gentoo | linux | * |
| transmissionbt | transmission | 0.93 |
| transmissionbt | transmission | 1.70 |
| transmissionbt | transmission | 2.52 |
| transmissionbt | transmission | 1.40 |
| transmissionbt | transmission | 1.05 |
| transmissionbt | transmission | 2.81 |
| transmissionbt | transmission | 2.51 |
| transmissionbt | transmission | 2.01 |
| transmissionbt | transmission | 2.22 |
| transmissionbt | transmission | 2.77 |
| transmissionbt | transmission | 0.92 |
| transmissionbt | transmission | 1.91 |
| transmissionbt | transmission | 1.02 |
| transmissionbt | transmission | 1.04 |
| transmissionbt | transmission | 0.71 |
| transmissionbt | transmission | 1.74 |
| transmissionbt | transmission | 2.41 |
| transmissionbt | transmission | 2.73 |
| transmissionbt | transmission | 1.22 |
| transmissionbt | transmission | 2.30 |
| transmissionbt | transmission | 1.71 |
| canonical | ubuntu_linux | 14.04 |
| transmissionbt | transmission | 1.06 |
| transmissionbt | transmission | 1.73 |
| transmissionbt | transmission | 1.33 |
| transmissionbt | transmission | 0.82 |
| transmissionbt | transmission | 0.91 |
| transmissionbt | transmission | 1.21 |
| transmissionbt | transmission | 1.31 |
| canonical | ubuntu_linux | 13.10 |
| transmissionbt | transmission | 2.20 |
| transmissionbt | transmission | 0.72 |
| transmissionbt | transmission | 1.60 |
| transmissionbt | transmission | 0.6 |
| transmissionbt | transmission | 1.77 |
| transmissionbt | transmission | 2.74 |
| canonical | ubuntu_linux | 12.04 |
| transmissionbt | transmission | 1.32 |
| transmissionbt | transmission | 1.76 |
| transmissionbt | transmission | 0.70 |
| transmissionbt | transmission | 0.2 |
| transmissionbt | transmission | 2.02 |
| transmissionbt | transmission | 2.40 |
| transmissionbt | transmission | 0.5 |
| transmissionbt | transmission | 1.41 |
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | xdg-utils | 1.1.0 |
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | portage | * |
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | dev-python-flower | * |
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | sci-mathematics-gimps | 28.10 |
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | portage | * |
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | ebuild_for_slurm | * |
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed it's content. On the database, only public data is stored, so there is no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize to the value of `search_history` cookie after base64 decoding it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | soko | * |
Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | soko | * |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ssh | ssh | * |
| ssh2_project | ssh2 | * |
| connectbot | sshlib | * |
| apple | macos | * |
| filezilla-project | filezilla_client | * |
| crates | thrussh | * |
| debian | debian_linux | 10.0 |
| bitvise | ssh_server | * |
| panic | transmit_5 | * |
| netgate | pfsense_plus | * |
| redhat | openshift_api_for_data_protection | - |
| lancom-systems | lcos_sx | 5.20 |
| apache | sshd | * |
| redhat | openshift_developer_tools_and_services | - |
| redhat | single_sign-on | 7.0 |
| dropbear_ssh_project | dropbear_ssh | * |
| proftpd | proftpd | * |
| redhat | openshift_pipelines | - |
| redhat | openshift_data_foundation | 4.0 |
| netgate | pfsense_ce | * |
| redhat | jboss_enterprise_application_platform | 7.0 |
| netsarang | xshell_7 | * |
| panic | nova | * |
| microsoft | powershell | * |
| paramiko | paramiko | * |
| lancom-systems | lcos | * |
| apache | sshj | * |
| redhat | enterprise_linux | 8.0 |
| redhat | openstack_platform | 16.2 |
| asyncssh_project | asyncssh | * |
| libssh | libssh | * |
| redhat | storage | 3.0 |
| lancom-systems | lcos_sx | 4.20 |
| jadaptive | maverick_synergy_java_ssh_api | * |
| redhat | advanced_cluster_security | 4.0 |
| redhat | discovery | - |
| libssh2 | libssh2 | * |
| golang | crypto | * |
| tera_term_project | tera_term | * |
| redhat | enterprise_linux | 9.0 |
| tinyssh | tinyssh | * |
| net-ssh | net-ssh | 7.2.0 |
| roumenpetrov | pkixssh | * |
| redhat | openshift_gitops | - |
| winscp | winscp | * |
| openbsd | openssh | * |
| redhat | openshift_serverless | - |
| fedoraproject | fedora | 38 |
| redhat | openstack_platform | 16.1 |
| redhat | openshift_container_platform | 4.0 |
| crushftp | crushftp | * |
| oryx-embedded | cyclone_ssh | * |
| fedoraproject | fedora | 39 |
| erlang | erlang/otp | * |
| redhat | keycloak | - |
| russh_project | russh | * |
| bitvise | ssh_client | * |
| lancom-systems | lanconfig | - |
| matez | jsch | * |
| redhat | cert-manager_operator_for_red_hat_openshift | - |
| redhat | advanced_cluster_security | 3.0 |
| freebsd | freebsd | * |
| vandyke | securecrt | * |
| redhat | openstack_platform | 17.1 |
| putty | putty | * |
| kitty_project | kitty | * |
| redhat | ceph_storage | 6.0 |
| trilead | ssh2 | 6401 |
| lancom-systems | lcos_lx | - |
| gentoo | security | - |
| redhat | openshift_dev_spaces | - |
| lancom-systems | lcos_fx | - |
| sftpgo_project | sftpgo | * |
| redhat | openshift_virtualization | 4 |
| thorntech | sftp_gateway_firmware | * |
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | - |
| samba | rsync | 3.2.7 |
| tritondatacenter | smartos | * |
| redhat | enterprise_linux | 10.0 |
| archlinux | arch_linux | - |
| almalinux | almalinux | 10.0 |
| nixos | nixos | * |
| novell | suse_linux | - |
| samba | rsync | 3.3.0 |
| nixos | nixos | 24.11 |
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_eus | 9.4 |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le |
| redhat | enterprise_linux_eus | 9.6 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | enterprise_linux_for_arm_64_eus | 8.8_aarch64 |
| redhat | openshift_container_platform | 4.15 |
| redhat | enterprise_linux_server_aus | 9.4 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le |
| almalinux | almalinux | 10.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 |
| redhat | openshift_container_platform | 4.17 |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_server_aus | 9.6 |
| almalinux | almalinux | 9.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.6_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 9.2_s390x |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.16 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4_ppc64le |
| redhat | openshift_container_platform | 4.12 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.6 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0_ppc64le |
| suse | suse_linux | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x |
| redhat | enterprise_linux_server_tus | 8.6 |
| archlinux | arch_linux | - |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6_ppc64le |
| nixos | nixos | * |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 |
| almalinux | almalinux | 8.0 |
| tritondatacenter | smartos | * |
| samba | rsync | * |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 8.6 |
| gentoo | linux | - |
| redhat | openshift_container_platform | 4.13 |
| redhat | enterprise_linux_for_arm_64 | 9.2_aarch64 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.8_ppc64le |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.4_ppc64le |
| redhat | openshift | 5.0 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
| redhat | openshift_container_platform | 4.14 |
| redhat | enterprise_linux_for_power_little_endian | 8.8_ppc64le |
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N | 1.6 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| suse | suse_linux | - |
| archlinux | arch_linux | - |
| almalinux | almalinux | 10.0 |
| redhat | enterprise_linux | 7.0 |
| nixos | nixos | * |
| redhat | enterprise_linux | 6.0 |
| gentoo | linux | - |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| almalinux | almalinux | 8.0 |
| tritondatacenter | smartos | * |
| redhat | enterprise_linux | 10.0 |
| samba | rsync | * |
| almalinux | almalinux | 9.0 |
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_eus | 9.6 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.6 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| suse | suse_linux | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x |
| archlinux | arch_linux | - |
| almalinux | almalinux | 10.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| nixos | nixos | * |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 |
| almalinux | almalinux | 8.0 |
| tritondatacenter | smartos | * |
| samba | rsync | * |
| redhat | enterprise_linux_server_aus | 9.6 |
| almalinux | almalinux | 9.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.6_ppc64le |
| gentoo | linux | - |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_eus | 9.6 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.6 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x |
| archlinux | arch_linux | - |
| almalinux | almalinux | 10.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| nixos | nixos | * |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | discovery | 1.14 |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 |
| redhat | openshift_container_platform | 4.0 |
| almalinux | almalinux | 8.0 |
| tritondatacenter | smartos | * |
| samba | rsync | * |
| redhat | enterprise_linux_server_aus | 9.6 |
| almalinux | almalinux | 9.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.6_ppc64le |
| redhat | enterprise_linux | 7.0 |
| gentoo | linux | - |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
| novell | suse_linux | - |