MidnightBSD

Advisories for gentoo

CVE-2002-1337 HIGH

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
hp hp-ux 11.0.4
hp hp-ux 11.11
sun sunos 5.7
windriver bsdos 4.3.1
netbsd netbsd 1.6
sun sunos -
netbsd netbsd 1.5
hp hp-ux 10.10
sendmail sendmail *
hp alphaserver_sc *
netbsd netbsd 1.5.1
hp hp-ux 11.00
netbsd netbsd 1.5.2
gentoo linux 1.4
oracle solaris 9
oracle solaris 8
netbsd netbsd 1.5.3
hp hp-ux 10.20
sun sunos 5.8
hp hp-ux 11.22
oracle solaris 7.0
oracle solaris 2.6
windriver bsdos 5.0
windriver bsdos 4.2
windriver platform_sa 1.0
CVE-2003-0681 HIGH

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.0.4
netbsd netbsd 1.6
sendmail sendmail 8.12.6
apple mac_os_x_server 10.2.6
sendmail sendmail 2.6.2
sendmail sendmail 8.12
sendmail sendmail 8.10
gentoo linux 1.1a
netbsd netbsd 1.5.1
turbolinux turbolinux_server 7.0
turbolinux turbolinux_advanced_server 6.0
sendmail sendmail_switch 3.0.2
sendmail sendmail 8.12.7
sendmail sendmail 2.6.1
ibm aix 4.3.3
sendmail sendmail 8.12.5
sendmail sendmail_switch 2.1.1
turbolinux turbolinux_server 6.5
apple mac_os_x 10.2.2
apple mac_os_x 10.2.6
apple mac_os_x_server 10.2
sendmail sendmail 3.0.3
gentoo linux 0.7
ibm aix 5.1
apple mac_os_x_server 10.2.5
sendmail sendmail_switch 3.0.1
apple mac_os_x_server 10.2.4
sendmail sendmail_switch 3.0
sendmail sendmail 2.6
sendmail advanced_message_server 1.3
turbolinux turbolinux_workstation 6.0
sendmail sendmail 8.11.4
sendmail sendmail 8.9.3
ibm aix 5.2
netbsd netbsd 1.4.3
apple mac_os_x 10.2.4
sendmail sendmail 8.12.3
apple mac_os_x 10.2.5
netbsd netbsd 1.6.1
sendmail sendmail 8.11.2
apple mac_os_x_server 10.2.3
openbsd openbsd 3.3
sendmail sendmail 8.12.2
turbolinux turbolinux_server 6.1
gentoo linux 1.2
sendmail sendmail 8.12.8
sendmail sendmail 8.9.0
hp hp-ux 11.11
sendmail advanced_message_server 1.2
apple mac_os_x 10.2
apple mac_os_x 10.2.1
sendmail sendmail 8.11.0
sendmail sendmail 8.11.1
sendmail sendmail_switch 2.1.3
sendmail sendmail 8.11.6
sendmail sendmail 3.0
hp hp-ux 11.00
sendmail sendmail_switch 2.2.4
netbsd netbsd 1.5.2
gentoo linux 1.4
sendmail sendmail_pro 8.9.3
netbsd netbsd 1.5.3
sendmail sendmail 8.9.2
gentoo linux 0.5
apple mac_os_x_server 10.2.1
sendmail sendmail_switch 2.1
sendmail sendmail 8.12.9
sendmail sendmail 8.8.8
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_server 8.0
sendmail sendmail 8.9.1
turbolinux turbolinux_workstation 7.0
sendmail sendmail 3.0.1
netbsd netbsd 1.5
apple mac_os_x_server 10.2.2
sendmail sendmail 3.0.2
sendmail sendmail_switch 2.2
sendmail sendmail 8.12.4
sendmail sendmail_switch 2.1.2
sendmail sendmail_switch 2.2.2
apple mac_os_x 10.2.3
sendmail sendmail 8.10.2
sendmail sendmail 8.12.1
sendmail sendmail 8.12.0
sendmail sendmail_switch 2.1.4
openbsd openbsd 3.2
sendmail sendmail 8.10.1
sendmail sendmail 8.11.3
sendmail sendmail_pro 8.9.2
sendmail sendmail_switch 2.2.5
sendmail sendmail_switch 2.2.1
hp hp-ux 11.22
sendmail sendmail_switch 2.1.5
sendmail sendmail_switch 2.2.3
sendmail sendmail 8.11.5
sendmail sendmail_switch 3.0.3
CVE-2003-0694 HIGH

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.0.4
freebsd freebsd 4.4
netbsd netbsd 1.6
sgi irix 6.5.16
sgi irix 6.5.21m
freebsd freebsd 4.7
compaq tru64 5.1b_pk2_bl22
sendmail sendmail 8.12.6
apple mac_os_x_server 10.2.6
sgi irix 6.5.21f
sendmail sendmail 2.6.2
sendmail sendmail 8.12
sendmail sendmail 8.10
compaq tru64 5.1a_pk1_bl1
gentoo linux 1.1a
netbsd netbsd 1.5.1
turbolinux turbolinux_server 7.0
turbolinux turbolinux_advanced_server 6.0
sendmail sendmail_switch 3.0.2
compaq tru64 5.1a
sgi irix 6.5.20m
freebsd freebsd 4.6
sendmail sendmail 8.12.7
sendmail sendmail 2.6.1
sgi irix 6.5.19f
sun sunos 5.8
compaq tru64 4.0f_pk8_bl22
freebsd freebsd 4.5
compaq tru64 5.1a_pk2_bl2
freebsd freebsd 4.3
ibm aix 4.3.3
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1
compaq tru64 4.0g_pk4_bl22
sendmail sendmail 8.12.5
sendmail sendmail_switch 2.1.1
sun sunos 5.7
turbolinux turbolinux_server 6.5
apple mac_os_x 10.2.2
apple mac_os_x 10.2.6
sun sunos -
sun solaris 2.6
apple mac_os_x_server 10.2
compaq tru64 4.0g
sendmail sendmail 3.0.3
gentoo linux 0.7
compaq tru64 4.0g_pk3_bl17
ibm aix 5.1
apple mac_os_x_server 10.2.5
sendmail sendmail_switch 3.0.1
sgi irix 6.5.15
apple mac_os_x_server 10.2.4
sendmail sendmail_switch 3.0
sendmail sendmail 2.6
sendmail advanced_message_server 1.3
turbolinux turbolinux_workstation 6.0
sun solaris 9.0
sendmail sendmail 8.11.4
compaq tru64 5.1_pk4_bl18
sun solaris 7.0
sendmail sendmail 8.9.3
ibm aix 5.2
freebsd freebsd 4.0
netbsd netbsd 1.4.3
apple mac_os_x 10.2.4
sendmail sendmail 8.12.3
apple mac_os_x 10.2.5
netbsd netbsd 1.6.1
sendmail sendmail 8.11.2
apple mac_os_x_server 10.2.3
sendmail sendmail 8.12.2
compaq tru64 5.1a_pk5_bl23
turbolinux turbolinux_server 6.1
gentoo linux 1.2
sendmail sendmail 8.12.8
sendmail sendmail 8.9.0
hp hp-ux 11.11
compaq tru64 5.1_pk5_bl19
sendmail advanced_message_server 1.2
sgi irix 6.5.17m
apple mac_os_x 10.2
apple mac_os_x 10.2.1
sendmail sendmail 8.11.0
sendmail sendmail 8.11.1
sendmail sendmail_switch 2.1.3
freebsd freebsd 5.0
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1a_pk4_bl21
sendmail sendmail 8.11.6
sgi irix 6.5.18m
sendmail sendmail 3.0
hp hp-ux 11.00
sendmail sendmail_switch 2.2.4
netbsd netbsd 1.5.2
gentoo linux 1.4
freebsd freebsd 5.1
sgi irix 6.5.19m
sendmail sendmail_pro 8.9.3
compaq tru64 5.1b_pk1_bl1
sgi irix 6.5.18f
freebsd freebsd 4.8
netbsd netbsd 1.5.3
sendmail sendmail 8.9.2
compaq tru64 5.1_pk6_bl20
gentoo linux 0.5
apple mac_os_x_server 10.2.1
sendmail sendmail_switch 2.1
sendmail sendmail 8.12.9
sendmail sendmail 8.8.8
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_server 8.0
sgi irix 6.5.17f
compaq tru64 4.0f_pk6_bl17
sendmail sendmail 8.9.1
turbolinux turbolinux_workstation 7.0
sendmail sendmail 3.0.1
netbsd netbsd 1.5
apple mac_os_x_server 10.2.2
sendmail sendmail 3.0.2
sendmail sendmail_switch 2.2
compaq tru64 5.1b
sendmail sendmail 8.12.4
sendmail sendmail_switch 2.1.2
sendmail sendmail_switch 2.2.2
apple mac_os_x 10.2.3
sendmail sendmail 8.10.2
sgi irix 6.5.20f
sendmail sendmail 8.12.1
sendmail sendmail 8.12.0
sendmail sendmail_switch 2.1.4
sendmail sendmail 8.10.1
sendmail sendmail 8.11.3
freebsd freebsd 4.9
sendmail sendmail_pro 8.9.2
sun solaris 8.0
sendmail sendmail_switch 2.2.5
sendmail sendmail_switch 2.2.1
hp hp-ux 11.22
compaq tru64 5.1_pk3_bl17
sendmail sendmail_switch 2.1.5
freebsd freebsd 3.0
sendmail sendmail_switch 2.2.3
sendmail sendmail 8.11.5
sendmail sendmail_switch 3.0.3
compaq tru64 4.0f
CVE-2003-1422 HIGH

Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gentoo syslinux 2.0.1
CVE-2004-0224 HIGH

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
inter7 courier-imap 2.1.2
double_precision_incorporated sqwebmail 3.6_.0
gentoo linux 1.4
inter7 courier-imap 1.6
double_precision_incorporated courier_mta 0.44
double_precision_incorporated courier_mta 0.43.1
double_precision_incorporated sqwebmail 3.6.1
double_precision_incorporated courier_mta 0.44.2
inter7 courier-imap 2.1
double_precision_incorporated courier_mta 0.43
double_precision_incorporated sqwebmail 3.6.2
inter7 courier-imap 2.1.1
double_precision_incorporated courier_mta 0.43.2
inter7 courier-imap 2.2.0
double_precision_incorporated sqwebmail 3.5.2
inter7 courier-imap 2.0.0
double_precision_incorporated sqwebmail 3.5.3
inter7 courier-imap 1.7
inter7 courier-imap 2.2.1
CVE-2004-0226 HIGH

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
midnight_commander midnight_commander 4.5.49
midnight_commander midnight_commander 4.5.45
midnight_commander midnight_commander 4.5.47
gentoo linux 0.7
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
slackware slackware_linux 9.1
slackware slackware_linux *
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
gentoo linux 1.1a
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
gentoo linux 1.4
slackware slackware_linux 9.0
midnight_commander midnight_commander 4.5.44
gentoo linux 0.5
midnight_commander midnight_commander 4.5.42
sgi propack 2.4
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
gentoo linux 1.2
sgi propack 2.3
CVE-2004-0229 MEDIUM

The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.24_ow1
gentoo linux 1.4
linux linux_kernel 2.4.22
linux linux_kernel 2.6.4
linux linux_kernel 2.6.1
linux linux_kernel 2.4.21
linux linux_kernel 2.4.25
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.0
linux linux_kernel 2.4.26
linux linux_kernel 2.6.3
linux linux_kernel 2.4.23
linux linux_kernel 2.4.20
linux linux_kernel 2.6.5
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
CVE-2004-0231 LOW

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
midnight_commander midnight_commander 4.5.49
midnight_commander midnight_commander 4.5.45
midnight_commander midnight_commander 4.5.47
gentoo linux 0.7
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
slackware slackware_linux 9.1
slackware slackware_linux *
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
gentoo linux 1.1a
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
gentoo linux 1.4
slackware slackware_linux 9.0
midnight_commander midnight_commander 4.5.44
gentoo linux 0.5
midnight_commander midnight_commander 4.5.42
sgi propack 2.4
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
gentoo linux 1.2
sgi propack 2.3
CVE-2004-0232 MEDIUM

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
midnight_commander midnight_commander 4.5.49
midnight_commander midnight_commander 4.5.45
midnight_commander midnight_commander 4.5.47
gentoo linux 0.7
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
slackware slackware_linux 9.1
slackware slackware_linux *
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
gentoo linux 1.1a
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
gentoo linux 1.4
slackware slackware_linux 9.0
midnight_commander midnight_commander 4.5.44
gentoo linux 0.5
midnight_commander midnight_commander 4.5.42
sgi propack 2.4
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
gentoo linux 1.2
sgi propack 2.3
CVE-2004-0333 HIGH

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openpkg openpkg *
winzip winzip 7.0
gentoo linux 1.4
winzip winzip 8.1
winzip winzip 8.0
uudeview uudeview 0.5.18
uudeview uudeview 0.5.19
CVE-2004-0386 HIGH

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mplayer mplayer 0.90
mandrakesoft mandrake_linux 10.0
gentoo linux 1.4
mplayer mplayer 1.0_pre1
mplayer mplayer 0.90_pre
mplayer mplayer 1.0_pre2
gentoo linux 0.5
mplayer mplayer 1.0_pre3
gentoo linux 0.7
gentoo linux 1.2
mandrakesoft mandrake_linux 9.2
mplayer mplayer 0.91
gentoo linux 1.1a
mplayer mplayer 0.90_rc
CVE-2004-0414 HIGH

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cvs cvs 1.11.1_p1
sgi propack 3.0
cvs cvs 1.10.8
cvs cvs 1.12.2
cvs cvs 1.11.1
cvs cvs 1.12.5
openbsd openbsd *
cvs cvs 1.11.15
cvs cvs 1.11.6
cvs cvs 1.12.7
cvs cvs 1.11
cvs cvs 1.11.2
cvs cvs 1.11.16
gentoo linux 1.4
cvs cvs 1.11.4
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.14
openbsd openbsd 3.5
sgi propack 2.4
cvs cvs 1.11.11
openpkg openpkg 1.3
cvs cvs 1.12.8
cvs cvs 1.11.10
openpkg openpkg 2.0
cvs cvs 1.11.3
cvs cvs 1.11.5
openbsd openbsd 3.4
cvs cvs 1.12.1
CVE-2004-0416 HIGH

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
cvs cvs 1.11.1_p1
sgi propack 3.0
cvs cvs 1.10.8
cvs cvs 1.12.2
cvs cvs 1.11.1
cvs cvs 1.12.5
openbsd openbsd *
cvs cvs 1.11.15
cvs cvs 1.11.6
cvs cvs 1.12.7
cvs cvs 1.11
cvs cvs 1.11.2
cvs cvs 1.11.16
gentoo linux 1.4
cvs cvs 1.11.4
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.14
openbsd openbsd 3.5
sgi propack 2.4
cvs cvs 1.11.11
openpkg openpkg 1.3
cvs cvs 1.12.8
cvs cvs 1.11.10
openpkg openpkg 2.0
cvs cvs 1.11.3
cvs cvs 1.11.5
openbsd openbsd 3.4
cvs cvs 1.12.1
CVE-2004-0417 MEDIUM

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cvs cvs 1.11.1_p1
sgi propack 3.0
cvs cvs 1.10.8
cvs cvs 1.12.2
cvs cvs 1.11.1
cvs cvs 1.12.5
openbsd openbsd *
cvs cvs 1.11.15
cvs cvs 1.11.6
cvs cvs 1.12.7
cvs cvs 1.11
cvs cvs 1.11.2
cvs cvs 1.11.16
gentoo linux 1.4
cvs cvs 1.11.4
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.14
openbsd openbsd 3.5
sgi propack 2.4
cvs cvs 1.11.11
openpkg openpkg 1.3
cvs cvs 1.12.8
cvs cvs 1.11.10
openpkg openpkg 2.0
cvs cvs 1.11.3
cvs cvs 1.11.5
openbsd openbsd 3.4
cvs cvs 1.12.1
CVE-2004-0418 HIGH

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cvs cvs 1.11.1_p1
sgi propack 3.0
cvs cvs 1.10.8
cvs cvs 1.12.2
cvs cvs 1.11.1
cvs cvs 1.12.5
openbsd openbsd *
cvs cvs 1.11.15
cvs cvs 1.11.6
cvs cvs 1.12.7
cvs cvs 1.11
cvs cvs 1.11.2
cvs cvs 1.11.16
gentoo linux 1.4
cvs cvs 1.11.4
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.14
openbsd openbsd 3.5
sgi propack 2.4
cvs cvs 1.11.11
openpkg openpkg 1.3
cvs cvs 1.12.8
cvs cvs 1.11.10
openpkg openpkg 2.0
cvs cvs 1.11.3
cvs cvs 1.11.5
openbsd openbsd 3.4
cvs cvs 1.12.1
CVE-2004-0419 HIGH

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux 1.4
xfree86_project xdm cvs
x.org x11r6 6.7.0
CVE-2004-0432 HIGH

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux 0.5
gentoo linux 0.7
gentoo linux 1.4
gentoo linux 1.2
trustix secure_linux 2.1
proftpd_project proftpd 1.2.9
trustix secure_linux 2.0
gentoo linux 1.1a
CVE-2004-0456 HIGH

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
pavuk pavuk 0.928r1
gentoo linux 1.4
gentoo linux 1.2
pavuk pavuk 0.9pl28i
gentoo linux 1.1a
CVE-2004-0493 MEDIUM

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya converged_communications_server 2.0
avaya s8500 r2.0.0
apache http_server 2.0.48
gentoo linux 1.4
trustix secure_linux 1.5
apache http_server 2.0.47
trustix secure_linux 2.0
ibm http_server 2.0.47
ibm http_server 2.0.42.1
avaya s8300 r2.0.0
ibm http_server 2.0.47.1
avaya s8700 r2.0.0
apache http_server 2.0.49
trustix secure_linux 2.1
ibm http_server 2.0.42
ibm http_server 2.0.42.2
CVE-2004-0495 HIGH

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya intuity_audix *
suse suse_linux 8
linux linux_kernel 2.4.19
suse suse_linux 8.2
linux linux_kernel 2.4.22
linux linux_kernel 2.4.21
linux linux_kernel 2.4.25
conectiva linux 9.0
suse suse_linux_database_server *
redhat enterprise_linux 2.1
suse suse_office_server *
suse suse_linux_office_server *
avaya s8700 r2.0.1
linux linux_kernel 2.4.18
linux linux_kernel 2.6.6
suse suse_email_server 3.1
suse suse_linux 8.1
avaya s8500 r2.0.1
linux linux_kernel 2.6.5
linux linux_kernel 2.4.24
conectiva linux 8.0
suse suse_email_server iii
linux linux_kernel 2.6.2
redhat enterprise_linux 3.0
suse suse_linux_firewall_cd *
suse suse_linux 9.1
avaya converged_communications_server 2.0
avaya modular_messaging_message_storage_server s3400
suse suse_linux_connectivity_server *
suse suse_linux_admin-cd_for_firewall *
avaya s8500 r2.0.0
gentoo linux 1.4
linux linux_kernel 2.6.4
suse suse_linux 9.0
linux linux_kernel 2.6.1
suse suse_linux 7
linux linux_kernel 2.6.0
avaya s8300 r2.0.0
suse suse_linux 8.0
linux linux_kernel 2.4.26
linux linux_kernel 2.6.3
avaya s8700 r2.0.0
linux linux_kernel 2.4.23
linux linux_kernel 2.6.7
avaya s8300 r2.0.1
CVE-2004-0496 HIGH

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
mandrakesoft mandrake_multi_network_firewall 8.2
suse suse_linux_connectivity_server *
suse suse_linux 8
mandrakesoft mandrake_linux 9.1
mandrakesoft mandrake_linux 10.0
sun sunos 5.9
suse suse_linux 7
suse suse_linux_database_server *
sun sunos 5.8
linux linux_kernel 2.6.0
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux_office_server *
suse suse_email_server 3.1
suse suse_email_server 3
gentoo linux *
mandrakesoft mandrake_linux 9.2
suse suse_linux_firewall *
CVE-2004-0497 LOW

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_multi_network_firewall 8.2
mandrakesoft mandrake_linux 9.1
suse suse_linux 8.2
mandrakesoft mandrake_linux 10.0
suse suse_linux 9.0
trustix secure_linux 2.0
trustix secure_linux 2
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 8.0
redhat enterprise_linux 2.1
linux linux_kernel 2.0
conectiva linux 10
suse suse_linux 8.1
trustix secure_linux 2.1
redhat enterprise_linux 3.0
gentoo linux *
mandrakesoft mandrake_linux 9.2
suse suse_linux 9.1
CVE-2004-0500 HIGH

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
rob_flynn gaim 0.67
rob_flynn gaim 0.69
rob_flynn gaim 0.64
rob_flynn gaim 0.59
rob_flynn gaim 0.10.3
rob_flynn gaim 0.53
rob_flynn gaim 0.58
rob_flynn gaim 0.63
rob_flynn gaim 0.54
rob_flynn gaim 0.70
rob_flynn gaim 0.51
rob_flynn gaim 0.52
rob_flynn gaim 0.62
rob_flynn gaim 0.57
mandrakesoft mandrake_linux 10.0
gentoo linux 1.4
rob_flynn gaim 0.50
rob_flynn gaim 0.61
rob_flynn gaim 0.71
rob_flynn gaim 0.59.1
rob_flynn gaim 0.68
rob_flynn gaim 0.72
rob_flynn gaim 0.66
rob_flynn gaim 0.60
rob_flynn gaim 0.56
rob_flynn gaim 0.10
rob_flynn gaim 0.74
rob_flynn gaim 0.75
rob_flynn gaim 0.65
rob_flynn gaim 0.73
rob_flynn gaim 0.55
mandrakesoft mandrake_linux 9.2
CVE-2004-0535 LOW

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
engardelinux secure_linux 1.5
suse suse_linux 8
linux linux_kernel 2.4.19
mandrakesoft mandrake_linux 9.1
linux linux_kernel 2.4.1
linux linux_kernel 2.4.14
linux linux_kernel 2.4.7
linux linux_kernel 2.4.2
linux linux_kernel 2.4.6
suse suse_linux_database_server *
linux linux_kernel 2.4.13
linux linux_kernel 2.4.27
suse suse_office_server *
linux linux_kernel 2.4.17
suse suse_linux_office_server *
linux linux_kernel 2.4.11
linux linux_kernel 2.4.18
linux linux_kernel 2.4.24
conectiva linux 8.0
linux linux_kernel 2.4.24_ow1
suse suse_linux_connectivity_server *
mandrakesoft mandrake_linux 10.0
gentoo linux 1.4
suse suse_linux 9.0
suse suse_linux 7
suse suse_linux 8.0
linux linux_kernel 2.4.15
mandrakesoft mandrake_multi_network_firewall 8.2
suse suse_linux 8.2
linux linux_kernel 2.4.22
suse suse_linux_firewall_live-cd *
linux linux_kernel 2.4.21
linux linux_kernel 2.4.25
conectiva linux 9.0
linux linux_kernel 2.4.4
linux linux_kernel 2.4.5
linux linux_kernel 2.4.12
linux linux_kernel 2.4.8
linux linux_kernel 2.4.9
suse suse_email_server 3.1
suse suse_linux 8.1
suse suse_email_server iii
linux linux_kernel 2.4.10
linux linux_kernel 2.4.16
suse suse_linux_firewall_cd *
suse suse_linux 9.1
suse suse_linux_admin-cd_for_firewall *
linux linux_kernel 2.4.3
linux linux_kernel 2.4.23_ow2
mandrakesoft mandrake_linux_corporate_server 2.1
linux linux_kernel 2.4.26
engardelinux secure_community 2.0
linux linux_kernel 2.4.23
linux linux_kernel 2.4.20
mandrakesoft mandrake_linux 9.2
linux linux_kernel 2.4.0
CVE-2004-0548 HIGH

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu aspell 0.50.5
gentoo linux 1.4
CVE-2004-0554 LOW

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya intuity_audix *
suse suse_linux 8
linux linux_kernel 2.4.19
suse suse_linux 8.2
linux linux_kernel 2.4.22
linux linux_kernel 2.4.21
linux linux_kernel 2.4.25
conectiva linux 9.0
suse suse_linux_database_server *
redhat enterprise_linux 2.1
suse suse_office_server *
suse suse_linux_office_server *
avaya s8700 r2.0.1
linux linux_kernel 2.4.18
linux linux_kernel 2.6.6
suse suse_email_server 3.1
suse suse_linux 8.1
avaya s8500 r2.0.1
linux linux_kernel 2.6.5
linux linux_kernel 2.4.24
conectiva linux 8.0
suse suse_email_server iii
linux linux_kernel 2.6.2
redhat enterprise_linux 3.0
suse suse_linux_firewall_cd *
suse suse_linux 9.1
avaya converged_communications_server 2.0
avaya modular_messaging_message_storage_server s3400
suse suse_linux_connectivity_server *
suse suse_linux_admin-cd_for_firewall *
avaya s8500 r2.0.0
gentoo linux 1.4
linux linux_kernel 2.6.4
suse suse_linux 9.0
linux linux_kernel 2.6.1
suse suse_linux 7
linux linux_kernel 2.6.0
avaya s8300 r2.0.0
suse suse_linux 8.0
linux linux_kernel 2.4.26
linux linux_kernel 2.6.3
avaya s8700 r2.0.0
linux linux_kernel 2.4.23
linux linux_kernel 2.6.7
avaya s8300 r2.0.1
CVE-2004-0557 HIGH

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux 1.4
redhat enterprise_linux_desktop 3.0
sox sox 12.17.2
conectiva linux 10.0
sox sox 12.17.3
conectiva linux 8.0
sox sox 12.17.4
redhat fedora_core core_1.0
redhat enterprise_linux 3.0
redhat fedora_core core_2.0
conectiva linux 9.0
CVE-2004-0565 LOW

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_multi_network_firewall 8.2
mandrakesoft mandrake_linux 9.1
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.0
trustix secure_linux 2.1
trustix secure_linux 2.0
gentoo linux *
mandrakesoft mandrake_linux 9.2
linux linux_kernel 2.4.0
trustix secure_linux 2
CVE-2004-0604 MEDIUM

The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gift-fasttrack gift-fasttrack 0.8.5
gift-fasttrack gift-fasttrack 0.8.0
gift-fasttrack gift-fasttrack 0.8.4
gift-fasttrack gift-fasttrack 0.8.6
gift-fasttrack gift-fasttrack 0.8.1
gentoo linux 1.4
gift-fasttrack gift-fasttrack 0.8.3
gift-fasttrack gift-fasttrack 0.8.2
CVE-2004-0608 HIGH

The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
epic_games unreal_tournament_2003 2199_linux
epic_games unreal_tournament_2003 2225_macos
rage_software mobile_forces 20000.0
gentoo linux 1.4
epic_games unreal_engine 226f
infogrames x-com_enforcer *
epic_games unreal_tournament_2003 2225_win32
ion_storm deusex 1.112_fm
epic_games unreal_tournament_2004 win32
arush devastation 390.0
epic_games unreal_tournament_2004 macos
epic_games unreal_engine 433
epic_games unreal_engine 436
epic_games unreal_tournament 451b
nerf_arena_blast nerf_arena_blast 1.2
epic_games unreal_tournament_2003 2199_macos
infogrames tacticalops 3.4
epic_games unreal_tournament_2003 2199_win32
robert_jordan wheel_of_time 333.0b
dreamforge tnn_outdoors_pro_hunter *
running_with_scissors postal_2 1337
CVE-2004-0626 MEDIUM

The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.0
suse suse_linux 8.0
suse suse_linux 8.2
conectiva linux 10
suse suse_linux 8.1
suse suse_linux 9.0
gentoo linux *
suse suse_linux 9.1
CVE-2004-0633 MEDIUM

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 2.1
mandrakesoft mandrake_linux 10.0
ethereal_group ethereal 0.10.3
redhat enterprise_linux 3.0
gentoo linux *
mandrakesoft mandrake_linux 9.2
ethereal_group ethereal 0.10.4
CVE-2004-0634 MEDIUM

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 2.1
mandrakesoft mandrake_linux 10.0
ethereal_group ethereal 0.9.15
redhat enterprise_linux 3.0
gentoo linux *
mandrakesoft mandrake_linux 9.2
ethereal_group ethereal 0.10.4
CVE-2004-0635 MEDIUM

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ethereal_group ethereal 0.9.8
redhat linux_advanced_workstation 2.1
ethereal_group ethereal 0.9
ethereal_group ethereal 0.9.1
ethereal_group ethereal 0.9.6
ethereal_group ethereal 0.8.17
redhat enterprise_linux 2.1
ethereal_group ethereal 0.10
ethereal_group ethereal 0.9.11
ethereal_group ethereal 0.8.19
redhat enterprise_linux 3.0
ethereal_group ethereal 0.9.2
ethereal_group ethereal 0.10.2
gentoo linux *
ethereal_group ethereal 0.9.13
ethereal_group ethereal 0.8.18
ethereal_group ethereal 0.8.15
mandrakesoft mandrake_linux 10.0
ethereal_group ethereal 0.10.3
ethereal_group ethereal 0.10.1
ethereal_group ethereal 0.9.15
ethereal_group ethereal 0.9.9
ethereal_group ethereal 0.9.7
ethereal_group ethereal 0.9.5
ethereal_group ethereal 0.9.16
ethereal_group ethereal 0.9.12
ethereal_group ethereal 0.9.14
ethereal_group ethereal 0.9.3
ethereal_group ethereal 0.9.4
mandrakesoft mandrake_linux 9.2
ethereal_group ethereal 0.9.10
ethereal_group ethereal 0.10.4
ethereal_group ethereal 0.8.16
CVE-2004-0649 HIGH

Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
l2tpd l2tpd 0.64
l2tpd l2tpd 0.67
gentoo linux 1.4
l2tpd l2tpd 0.65
l2tpd l2tpd 0.69
l2tpd l2tpd 0.66
l2tpd l2tpd 0.63
l2tpd l2tpd 0.62
l2tpd l2tpd 0.68
CVE-2004-0667 HIGH

Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
rsbac rule_set_based_access_control 1.2.2
rsbac rule_set_based_access_control 1.2.3
gentoo linux 1.4
CVE-2004-0700 HIGH

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mod_ssl mod_ssl 2.6.5
mod_ssl mod_ssl 2.4.0
mod_ssl mod_ssl 2.8.1
mod_ssl mod_ssl 2.8.12
mod_ssl mod_ssl 2.6.3
mod_ssl mod_ssl 2.8.18
mod_ssl mod_ssl 2.5.1
mod_ssl mod_ssl 2.4.3
mod_ssl mod_ssl 2.4.5
mod_ssl mod_ssl 2.8.4
mod_ssl mod_ssl 2.8.5
mod_ssl mod_ssl 2.6.0
mod_ssl mod_ssl 2.8.9
mod_ssl mod_ssl 2.3.11
mod_ssl mod_ssl 2.6.2
mod_ssl mod_ssl 2.5.0
mod_ssl mod_ssl 2.6.6
mod_ssl mod_ssl 2.6.1
mod_ssl mod_ssl 2.8.0
mod_ssl mod_ssl 2.8.5.1
mod_ssl mod_ssl 2.8.8
mod_ssl mod_ssl 2.8.6
mod_ssl mod_ssl 2.8.7
mod_ssl mod_ssl 2.4.8
mod_ssl mod_ssl 2.8.10
mod_ssl mod_ssl 2.4.9
mod_ssl mod_ssl 2.8.15
mod_ssl mod_ssl 2.8.1.2
mod_ssl mod_ssl 2.4.10
gentoo linux 1.4
mod_ssl mod_ssl 2.4.6
mod_ssl mod_ssl 2.4.7
mod_ssl mod_ssl 2.8.14
mod_ssl mod_ssl 2.4.1
mod_ssl mod_ssl 2.7.0
mod_ssl mod_ssl 2.4.4
mod_ssl mod_ssl 2.8.5.2
mod_ssl mod_ssl 2.8.2
mod_ssl mod_ssl 2.8.3
mod_ssl mod_ssl 2.6.4
mod_ssl mod_ssl 2.4.2
mod_ssl mod_ssl 2.8.17
mod_ssl mod_ssl 2.8.16
mod_ssl mod_ssl 2.7.1
CVE-2004-0746 HIGH

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde konqueror 3.0.2
suse suse_linux 8
kde konqueror 3.1.2
suse suse_linux 8.2
mandrakesoft mandrake_linux 10.0
gentoo linux 1.4
kde konqueror 3.1.3
kde konqueror 3.2.3
kde konqueror 3.1
suse suse_linux 9.0
kde kde 3.1.3
kde konqueror 3.1.5
kde konqueror 3.0
kde konqueror 3.0.1
kde konqueror 3.1.1
suse suse_linux 8.1
kde kde 3.2
kde konqueror 3.0.3
kde konqueror 3.0.5b
mandrakesoft mandrake_linux 9.2
suse suse_linux 9.1
kde konqueror 3.0.5
kde konqueror 3.2.1
CVE-2004-0749 MEDIUM

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
subversion subversion 1.0.7
subversion subversion 1.0.4
subversion subversion 1.0.2
gentoo linux 1.4
subversion subversion 1.1.0_rc2
subversion subversion 1.0
subversion subversion 1.0.1
subversion subversion 1.0.3
subversion subversion 1.1.0_rc1
gentoo linux 0.5
subversion subversion 1.0.6
gentoo linux 0.7
gentoo linux 1.2
subversion subversion 1.1.0_rc3
subversion subversion 1.0.5
gentoo linux 1.1a
CVE-2004-0809 MEDIUM

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp secure_web_server_for_tru64 4.0_g
hp secure_web_server_for_tru64 5.1_a
hp hp-ux 11.11
turbolinux turbolinux_home *
debian debian_linux 3.0
hp secure_web_server_for_tru64 5.9.2
hp secure_web_server_for_tru64 5.0_a
turbolinux turbolinux_desktop 10.0
trustix secure_linux 2.1
redhat enterprise_linux 3.0
hp secure_web_server_for_tru64 4.0_f
hp secure_web_server_for_tru64 5.1
hp hp-ux 11.00
mandrakesoft mandrake_linux 10.0
gentoo linux 1.4
redhat enterprise_linux_desktop 3.0
hp secure_web_server_for_tru64 5.8.1
trustix secure_linux 2.0
apache http_server *
hp secure_web_server_for_tru64 5.9.1
hp hp-ux 11.22
turbolinux turbolinux_server 10.0
hp secure_web_server_for_tru64 6.3.0
hp hp-ux 11.23
hp secure_web_server_for_tru64 5.8.2
mandrakesoft mandrake_linux 9.2
CVE-2004-0834 HIGH

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_multi_network_firewall 8.2
mandrakesoft mandrake_linux 9.1
speedtouch speedtouch_usb_driver 1.0
speedtouch speedtouch_usb_driver 1.2_beta1
mandrakesoft mandrake_linux 10.0
gentoo linux 1.4
speedtouch speedtouch_usb_driver 1.1
mandrakesoft mandrake_linux 9.0
speedtouch speedtouch_usb_driver 1.2
speedtouch speedtouch_usb_driver 1.2_beta3
speedtouch speedtouch_usb_driver 1.3
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 9.2
speedtouch speedtouch_usb_driver 1.2_beta2
mandrakesoft mandrake_linux 10.1
CVE-2004-0880 LOW

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux current
getmail getmail 4.1.5
getmail getmail 4.0.4
getmail getmail 4.1.3
getmail getmail 4.1.4
getmail getmail 4.0.1
getmail getmail 4.0.5
getmail getmail 4.1
slackware slackware_linux 10.0
getmail getmail 4.0.2
getmail getmail 4.1.2
getmail getmail 4.0.12
getmail getmail 4.0.0_b10
slackware slackware_linux 9.1
getmail getmail 4.0.8
getmail getmail 4.0.7
getmail getmail 2.3.7
getmail getmail 3.x
gentoo linux 1.4
getmail getmail 4.0.10
getmail getmail 4.0.11
getmail getmail 4.0
getmail getmail 4.0.3
getmail getmail 4.0.6
getmail getmail 4.1.1
getmail getmail 4.0.13
getmail getmail 4.0.9
CVE-2004-0881 LOW

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux current
getmail getmail 4.1.5
getmail getmail 4.0.4
getmail getmail 4.1.3
getmail getmail 4.1.4
getmail getmail 4.0.1
getmail getmail 4.0.5
getmail getmail 4.1
slackware slackware_linux 10.0
getmail getmail 4.0.2
getmail getmail 4.1.2
getmail getmail 4.0.12
getmail getmail 4.0.0_b10
slackware slackware_linux 9.1
getmail getmail 4.0.8
getmail getmail 4.0.7
getmail getmail 2.3.7
getmail getmail 3.x
gentoo linux 1.4
getmail getmail 4.0.10
getmail getmail 4.0.11
getmail getmail 4.0
getmail getmail 4.0.3
getmail getmail 4.0.6
getmail getmail 4.1.1
getmail getmail 4.0.13
getmail getmail 4.0.9
CVE-2004-0888 HIGH

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.12
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.10
kde kde 3.3.1
xpdf xpdf 0.91
kde kde 3.2.3
kde kpdf 3.2
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.6
easy_software_products cups 1.1.20
gnome gpdf 0.112
xpdf xpdf 0.93
easy_software_products cups 1.1.1
pdftohtml pdftohtml 0.33a
xpdf xpdf 0.92
kde koffice 1.3.1
gnome gpdf 0.131
tetex tetex 2.0.1
kde kde 3.2
redhat enterprise_linux 3.0
gentoo linux *
pdftohtml pdftohtml 0.32a
xpdf xpdf 2.1
pdftohtml pdftohtml 0.33
tetex tetex 2.0
xpdf xpdf 2.3
redhat enterprise_linux_desktop 3.0
pdftohtml pdftohtml 0.34
suse suse_linux 9.0
easy_software_products cups 1.1.15
easy_software_products cups 1.0.4
easy_software_products cups 1.0.4_8
suse suse_linux 8.0
easy_software_products cups 1.1.19
easy_software_products cups 1.1.18
kde kde 3.2.2
pdftohtml pdftohtml 0.35
kde kde 3.2.1
suse suse_linux 9.2
easy_software_products cups 1.1.4_2
tetex tetex 2.0.2
suse suse_linux 8.2
xpdf xpdf 2.0
kde koffice 1.3.2
debian debian_linux 3.0
redhat enterprise_linux 2.1
kde koffice 1.3_beta2
easy_software_products cups 1.1.7
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.14
suse suse_linux 8.1
tetex tetex 1.0.7
redhat fedora_core core_2.0
pdftohtml pdftohtml 0.32b
suse suse_linux 9.1
xpdf xpdf 3.0
easy_software_products cups 1.1.4_3
kde kde 3.3
kde koffice 1.3_beta1
kde koffice 1.3
kde koffice 1.3_beta3
xpdf xpdf 0.90
xpdf xpdf 1.0
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.16
xpdf xpdf 1.0a
kde koffice 1.3.3
easy_software_products cups 1.1.13
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.4
xpdf xpdf 1.1
CVE-2004-0889 HIGH

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.12
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.10
kde kde 3.3.1
xpdf xpdf 0.91
kde kde 3.2.3
kde kpdf 3.2
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.6
easy_software_products cups 1.1.20
gnome gpdf 0.112
xpdf xpdf 0.93
easy_software_products cups 1.1.1
pdftohtml pdftohtml 0.33a
xpdf xpdf 0.92
kde koffice 1.3.1
gnome gpdf 0.131
tetex tetex 2.0.1
kde kde 3.2
redhat enterprise_linux 3.0
gentoo linux *
pdftohtml pdftohtml 0.32a
xpdf xpdf 2.1
pdftohtml pdftohtml 0.33
tetex tetex 2.0
xpdf xpdf 2.3
redhat enterprise_linux_desktop 3.0
pdftohtml pdftohtml 0.34
suse suse_linux 9.0
easy_software_products cups 1.1.15
easy_software_products cups 1.0.4
easy_software_products cups 1.0.4_8
suse suse_linux 8.0
easy_software_products cups 1.1.19
easy_software_products cups 1.1.18
kde kde 3.2.2
pdftohtml pdftohtml 0.35
kde kde 3.2.1
suse suse_linux 9.2
easy_software_products cups 1.1.4_2
tetex tetex 2.0.2
suse suse_linux 8.2
xpdf xpdf 2.0
kde koffice 1.3.2
debian debian_linux 3.0
redhat enterprise_linux 2.1
kde koffice 1.3_beta2
easy_software_products cups 1.1.7
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.14
suse suse_linux 8.1
tetex tetex 1.0.7
redhat fedora_core core_2.0
pdftohtml pdftohtml 0.32b
suse suse_linux 9.1
xpdf xpdf 3.0
easy_software_products cups 1.1.4_3
kde kde 3.3
kde koffice 1.3_beta1
kde koffice 1.3
kde koffice 1.3_beta3
xpdf xpdf 0.90
xpdf xpdf 1.0
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.16
xpdf xpdf 1.0a
kde koffice 1.3.3
easy_software_products cups 1.1.13
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.4
xpdf xpdf 1.1
CVE-2004-0891 HIGH

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux current
rob_flynn gaim 0.82.1
rob_flynn gaim 0.67
rob_flynn gaim 0.69
rob_flynn gaim 1.0
rob_flynn gaim 0.64
rob_flynn gaim 0.59
slackware slackware_linux 10.0
rob_flynn gaim 0.78
rob_flynn gaim 0.10.3
rob_flynn gaim 0.53
rob_flynn gaim 0.58
ubuntu ubuntu_linux 4.1
rob_flynn gaim 0.63
rob_flynn gaim 0.54
rob_flynn gaim 0.70
slackware slackware_linux 9.1
gentoo linux *
rob_flynn gaim 0.51
rob_flynn gaim 0.52
rob_flynn gaim 0.62
rob_flynn gaim 0.57
gentoo linux 1.4
rob_flynn gaim 0.50
rob_flynn gaim 1.0.1
rob_flynn gaim 0.61
rob_flynn gaim 0.71
rob_flynn gaim 0.59.1
rob_flynn gaim 0.68
rob_flynn gaim 0.72
slackware slackware_linux 9.0
rob_flynn gaim 0.66
rob_flynn gaim 0.60
rob_flynn gaim 0.56
rob_flynn gaim 0.10
rob_flynn gaim 0.74
rob_flynn gaim 0.75
rob_flynn gaim 0.65
rob_flynn gaim 0.73
rob_flynn gaim 0.82
rob_flynn gaim 0.55
CVE-2004-0914 HIGH

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.0
lesstif lesstif 0.93.40
suse suse_linux 8
suse suse_linux 8.2
lesstif lesstif 0.93.36
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.3.0
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.2.0
lesstif lesstif 0.93.18
suse suse_linux 8.1
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 3.3.3
redhat fedora_core core_2.0
xfree86_project x11r6 3.3.4
xfree86_project x11r6 4.1.12
gentoo linux *
suse suse_linux 9.1
xfree86_project x11r6 3.3.2
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.1.0
lesstif lesstif 0.93.12
suse suse_linux 9.0
suse suse_linux 1.0
lesstif lesstif 0.93.34
lesstif lesstif 0.93.96
xfree86_project x11r6 4.0.1
redhat fedora_core core_3.0
x.org x11r6 6.8
lesstif lesstif 0.93
x.org x11r6 6.7.0
lesstif lesstif 0.93.91
lesstif lesstif 0.93.94
suse suse_linux 9.2
xfree86_project x11r6 4.0.3
x.org x11r6 6.8.1
CVE-2004-0918 MEDIUM

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
squid squid 2.5_.stable4
openpkg openpkg 2.2
squid squid 3.0_pre1
openpkg openpkg current
squid squid 2.0_patch2
squid squid 2.4_.stable7
squid squid 2.3_.stable4
squid squid 2.4_.stable2
squid squid 2.5_.stable6
squid squid 2.3_.stable5
ubuntu ubuntu_linux 4.1
squid squid 3.0_pre2
trustix secure_linux 2.1
redhat fedora_core core_2.0
squid squid 2.5_.stable3
squid squid 3.0_pre3
gentoo linux *
trustix secure_linux 1.5
trustix secure_linux 2.0
squid squid 2.5_.stable5
openpkg openpkg 2.1
squid squid 2.5_.stable1
squid squid 2.1_patch2
squid squid 2.4
squid squid 2.4_.stable6
CVE-2004-0930 MEDIUM

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.5
sgi samba 3.0.6
samba samba 3.0.3
redhat linux_advanced_workstation 2.1
sgi samba 3.0.3
samba samba 3.0.0
sgi samba 3.0.1
sgi samba 3.0
redhat enterprise_linux_desktop 3.0
conectiva linux 10.0
sgi samba 3.0.4
samba samba 3.0.4
redhat fedora_core core_3.0
samba samba 3.0.7
sgi samba 3.0.2
redhat enterprise_linux 2.1
sgi samba 3.0.5
samba samba 3.0.6
sgi samba 3.0.7
redhat enterprise_linux 3.0
redhat fedora_core core_2.0
gentoo linux *
CVE-2004-0932 HIGH

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
archive_zip archive_zip 1.13
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-0933 HIGH

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
archive_zip archive_zip 1.13
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-0934 HIGH

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
archive_zip archive_zip 1.13
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-0935 HIGH

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
archive_zip archive_zip 1.13
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-0936 HIGH

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
archive_zip archive_zip 1.13
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-0937 HIGH

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
archive_zip archive_zip 1.13
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-0947 HIGH

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
arj_software_inc. unarj 2.63_a
arj_software_inc. unarj 2.64
arj_software_inc. unarj 2.62
suse suse_linux 9.0
gentoo linux *
suse suse_linux 9.1
suse suse_linux 9.2
arj_software_inc. unarj 2.65
CVE-2004-0969 LOW

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu groff 1.19
ubuntu ubuntu_linux 4.1
gentoo linux *
CVE-2004-0972 LOW

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lvm logical_volume_management_utilities 1.0.4
lvm logical_volume_management_utilities 1.0.8
gentoo linux *
lvm logical_volume_management_utilities 1.0.1
lvm logical_volume_management_utilities 1.0.7
CVE-2004-0975 LOW

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openssl openssl 0.9.6b
mandrakesoft mandrake_multi_network_firewall 8.2
openssl openssl 0.9.6a
openssl openssl 0.9.6i
mandrakesoft mandrake_linux 10.0
openssl openssl 0.9.7c
openssl openssl 0.9.6
openssl openssl 0.9.6k
openssl openssl 0.9.6l
openssl openssl 0.9.6c
openssl openssl 0.9.7d
openssl openssl 0.9.6m
mandrakesoft mandrake_linux_corporate_server 2.1
openssl openssl 0.9.6d
openssl openssl 0.9.6g
openssl openssl 0.9.6f
openssl openssl 0.9.6e
openssl openssl 0.9.6j
openssl openssl 0.9.6h
gentoo linux *
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 10.1
CVE-2004-0980 HIGH

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
angus_mackay ez-ipupdate 3.0.11b8
gentoo linux *
angus_mackay ez-ipupdate 3.0.11b5
CVE-2004-0981 HIGH

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 8.2
imagemagick imagemagick 6.0.7
imagemagick imagemagick 5.4.3
debian debian_linux 3.0
imagemagick imagemagick 6.0.4
suse suse_linux 8.1
gentoo linux *
suse suse_linux 9.1
imagemagick imagemagick 5.4.8.2.1.1.0
imagemagick imagemagick 5.4.4.5
imagemagick imagemagick 5.5.6.0_2003-04-09
imagemagick imagemagick 6.0
imagemagick imagemagick 5.4.8
imagemagick imagemagick 5.3.3
suse suse_linux 9.0
imagemagick imagemagick 6.0.5
imagemagick imagemagick 5.5.7
imagemagick imagemagick 6.0.3
suse suse_linux 8.0
imagemagick imagemagick 6.0.6
imagemagick imagemagick 6.0.1
imagemagick imagemagick 5.4.7
imagemagick imagemagick 5.5.3.2.1.2.0
suse suse_linux 9.2
imagemagick imagemagick 6.0.8
CVE-2004-0983 MEDIUM

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.0
yukihiro_matsumoto ruby 1.8.2_pre1
yukihiro_matsumoto ruby 1.8
mandrakesoft mandrake_linux_corporate_server 2.1
yukihiro_matsumoto ruby 1.8.2_pre2
yukihiro_matsumoto ruby 1.6
yukihiro_matsumoto ruby 1.8.1
ubuntu ubuntu_linux 4.1
yukihiro_matsumoto ruby 1.6.7
gentoo linux *
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 10.1
CVE-2004-0990 HIGH

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openpkg openpkg 2.2
gd_graphics_library gdlib 2.0.15
suse suse_linux 8.2
gd_graphics_library gdlib 2.0.27
openpkg openpkg current
suse suse_linux 8.1
gd_graphics_library gdlib 2.0.21
trustix secure_linux 2.1
gentoo linux *
suse suse_linux 9.1
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.28
trustix secure_linux 1.5
gd_graphics_library gdlib 1.8.4
suse suse_linux 9.0
trustix secure_linux 2.0
trustix secure_linux 2.2
gd_graphics_library gdlib 2.0.1
gd_graphics_library gdlib 2.0.20
suse suse_linux 8.0
gd_graphics_library gdlib 2.0.22
openpkg openpkg 2.1
gd_graphics_library gdlib 2.0.26
suse suse_linux 9.2
CVE-2004-0996 LOW

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
cscope cscope 15.5
cscope cscope 15.1
cscope cscope 13.0
sco unixware 7.1.3
sco unixware 7.1.4
cscope cscope 15.3
cscope cscope 15.4
gentoo linux *
sco unixware 7.1.1
CVE-2004-1004 HIGH

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1005 HIGH

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1009 MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1025 HIGH

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.13
redhat linux 9.0
enlightenment imlib 1.9.14
redhat linux 7.3
gentoo linux *
CVE-2004-1026 HIGH

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.13
redhat linux 9.0
enlightenment imlib 1.9.14
redhat linux 7.3
gentoo linux *
CVE-2004-1027 MEDIUM

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
arjsoftware unarj 2.63
arjsoftware unarj 2.65
gentoo linux *
arjsoftware unarj 2.62
arjsoftware unarj 2.64
CVE-2004-1029 HIGH

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun jdk 1.4.1_02
hp hp-ux 11.11
sun jre 1.4
symantec gateway_security_5400 2.0.1
sun jre 1.3.1
sun jdk 1.4
sun jdk 1.3.1_03
sun jdk 1.3.1_07
gentoo linux *
sun jre 1.3.1_06
hp hp-ux 11.00
sun jre 1.3.1_07
sun jdk 1.4.0_02
sun jdk 1.4.1_01
conectiva linux 10.0
sun jdk 1.3.1_05
sun jre 1.3.1_05
sun jre 1.3.1_09
sun jdk 1.4.2_03
sun jdk 1.4.2_04
sun jre 1.4.2
sun jre 1.4.0_04
sun jre 1.4.1_02
sun jdk 1.4.2_05
sun jre 1.4.0_01
symantec enterprise_firewall 8.0
sun jdk 1.4.1
sun jre 1.3.0
sun jdk 1.3.1_02
sun jdk 1.4.2_02
sun jdk 1.4.0_03
hp java_sdk-rte 1.3
sun jdk 1.4.1_03
sun jdk 1.3.1_04
sun jre 1.4.1_07
sun jre 1.4.1_01
sun jdk 1.3.1_01a
sun jdk 1.4.0_4
sun jdk 1.4.2_01
sun jdk 1.4.0_01
sun jre 1.4.0_03
sun jdk 1.4.2
hp java_sdk-rte 1.4
symantec gateway_security_5400 2.0
sun jre 1.3.1_02
sun jdk 1.3.1_06
sun jre 1.3.1_03
hp hp-ux 11.22
sun jre 1.4.0_02
hp hp-ux 11.23
sun jre 1.4.1
sun jdk 1.3.1_01
CVE-2004-1030 LOW

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thibault_godouet fcron 2.9.4
thibault_godouet fcron 2.0.1
gentoo linux *
CVE-2004-1031 HIGH

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thibault_godouet fcron 2.9.4
thibault_godouet fcron 2.0.1
gentoo linux *
CVE-2004-1032 LOW

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thibault_godouet fcron 2.9.4
thibault_godouet fcron 2.0.1
gentoo linux *
CVE-2004-1033 LOW

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thibault_godouet fcron 2.9.4
thibault_godouet fcron 2.0.1
gentoo linux *
CVE-2004-1034 HIGH

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine gxine 0.3
kaffeine kaffeine_player 0.4.3
gentoo linux *
kaffeine kaffeine_player 0.4.3b
kaffeine kaffeine_player 0.5_rc1
kaffeine kaffeine_player 0.4.2
CVE-2004-1036 MEDIUM

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squirrelmail squirrelmail 1.2
squirrelmail squirrelmail 1.4.3a
squirrelmail squirrelmail 1.5_dev
squirrelmail squirrelmail 1.4
squirrelmail squirrelmail 1.2.6
squirrelmail squirrelmail 1.2.11
squirrelmail squirrelmail 1.4.1
squirrelmail squirrelmail 1.0.5
squirrelmail squirrelmail 1.2.3
squirrelmail squirrelmail 1.2.7
squirrelmail squirrelmail 1.2.2
squirrelmail squirrelmail 1.4.3
squirrelmail squirrelmail 1.4.2
squirrelmail squirrelmail 1.0.4
squirrelmail squirrelmail 1.2.10
squirrelmail squirrelmail 1.2.9
squirrelmail squirrelmail 1.4.3_rc1
squirrelmail squirrelmail 1.2.1
squirrelmail squirrelmail 1.2.5
squirrelmail squirrelmail 1.2.8
gentoo linux *
squirrelmail squirrelmail 1.2.4
CVE-2004-1037 HIGH

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
twiki twiki 2003-02-01
gentoo linux *
CVE-2004-1052 HIGH

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
bnc bnc 2.6.4
bnc bnc 2.6.2
bnc bnc 2.4.6
bnc bnc 2.6
bnc bnc 2.8.8
gentoo linux *
bnc bnc 2.2.4
bnc bnc 2.4.8
bnc bnc 2.8.9
CVE-2004-1055 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.1
gentoo linux 1.4
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.5.5
CVE-2004-1090 MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1091 MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1092 MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1093 MEDIUM

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1096 HIGH

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_armor 2.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.86
eset_software nod32_antivirus 1.0.11
broadcom etrust_ez_antivirus 6.2
sophos sophos_anti-virus 3.83
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_gateway 7.1
broadcom etrust_ez_antivirus 6.3
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_ez_armor 2.4
broadcom inoculateit 6.0
broadcom etrust_secure_content_manager 1.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.85
gentoo linux *
eset_software nod32_antivirus 1.0.12
mandrakesoft mandrake_linux 10.1
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_desktop 8.6
sophos sophos_anti-virus 3.84
broadcom etrust_antivirus_gateway 7.0
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_small_business_suite 1.0
gentoo linux 1.4
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.81
broadcom etrust_ez_antivirus 6.1
kaspersky_lab kaspersky_anti-virus 4.0
ca etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
rav_antivirus rav_antivirus_for_file_servers 1.0
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 3.0
sophos sophos_anti-virus 3.82
mcafee antivirus_engine 4.3.20
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.80
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_armor 2.3
suse suse_linux 9.2
broadcom etrust_secure_content_manager 1.0
broadcom etrust_antivirus 7.1
CVE-2004-1106 MEDIUM

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gallery_project gallery 1.4.1
gallery_project gallery 1.4.3_pl1
gallery_project gallery 1.4_pl1
gallery_project gallery 1.4.2
gallery_project gallery 1.4
gallery_project gallery 1.4_pl2
gallery_project gallery 1.4.3_pl2
gentoo linux *
CVE-2004-1107 LOW

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
CVE-2004-1108 LOW

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
CVE-2004-1110 LOW

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jean-jacques_sarton mtink 0.9.32
jean-jacques_sarton mtink 0.9.53
jean-jacques_sarton mtink 0.9.52
gentoo linux *
jean-jacques_sarton mtink 1.0.4
jean-jacques_sarton mtink 0.9.33
CVE-2004-1115 HIGH

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
CVE-2004-1116 HIGH

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
CVE-2004-1117 HIGH

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
CVE-2004-1161 HIGH

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
rssh rssh 2.2.2
rssh rssh 2.0
rssh rssh 2.2.1
rssh rssh 2.1
rssh rssh 2.2
gentoo linux *
CVE-2004-1162 HIGH

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
scponly scponly 2.4
scponly scponly 3.11
scponly scponly 2.1
scponly scponly 3.9
scponly scponly 3.5
scponly scponly 2.0
scponly scponly 3.0
scponly scponly 2.3
gentoo linux *
scponly scponly 3.8
CVE-2004-1167 MEDIUM

mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo mirrorselect 0.88
gentoo mirrorselect 0.81
gentoo mirrorselect 0.83
gentoo mirrorselect 0.87
gentoo mirrorselect 0.84
gentoo mirrorselect 0.86
gentoo mirrorselect 0.85
gentoo mirrorselect 0.82
gentoo mirrorselect 0.80
CVE-2004-1174 MEDIUM

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1175 HIGH

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1176 HIGH

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
midnight_commander midnight_commander 4.5.49
turbolinux turbolinux_server 8.0
suse suse_linux 8.2
turbolinux turbolinux_workstation 7.0
midnight_commander midnight_commander 4.5.45
debian debian_linux 3.0
midnight_commander midnight_commander 4.5.47
redhat enterprise_linux 2.1
suse suse_linux 8.1
midnight_commander midnight_commander 4.5.43
midnight_commander midnight_commander 4.5.52
gentoo linux *
suse suse_linux 9.1
midnight_commander midnight_commander 4.5.40
midnight_commander midnight_commander 4.5.46
turbolinux turbolinux_server 7.0
midnight_commander midnight_commander 4.6
midnight_commander midnight_commander 4.5.48
midnight_commander midnight_commander 4.5.50
midnight_commander midnight_commander 4.5.51
midnight_commander midnight_commander 4.5.54
suse suse_linux 9.0
midnight_commander midnight_commander 4.5.44
suse suse_linux 8.0
midnight_commander midnight_commander 4.5.42
midnight_commander midnight_commander 4.5.41
midnight_commander midnight_commander 4.5.55
turbolinux turbolinux_workstation 8.0
suse suse_linux 9.2
CVE-2004-1304 HIGH

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
file file 4.10
file file 4.0
file file 4.11
file file 4.1
trustix secure_linux 2.0
trustix secure_linux 2.2
file file 4.7
file file 4.6
file file 4.3
file file 4.9
trustix secure_linux 2.1
file file 4.4
file file 4.2
gentoo linux *
file file 4.5
file file 4.8
CVE-2004-1307 HIGH

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya call_management_system_server 8.0
libtiff libtiff 3.7.0
apple mac_os_x_server 10.3.1
libtiff libtiff 3.5.1
apple mac_os_x 10.3
apple mac_os_x 10.3.3
f5 icontrol_service_manager 1.3.5
apple mac_os_x 10.3.5
avaya call_management_system_server 13.0
libtiff libtiff 3.5.5
apple mac_os_x 10.3.9
libtiff libtiff 3.6.0
apple mac_os_x 10.3.7
apple mac_os_x_server 10.3.7
libtiff libtiff 3.5.4
gentoo linux *
f5 icontrol_service_manager 1.3.4
mandrakesoft mandrake_linux 10.0
sco unixware 7.1.4
conectiva linux 10.0
apple mac_os_x 10.3.8
avaya call_management_system_server 11.0
libtiff libtiff 3.6.1
avaya interactive_response 1.2.1
sun sunos 5.8
avaya integrated_management *
apple mac_os_x_server 10.3.6
sun sunos 5.7
avaya interactive_response *
mandrakesoft mandrake_linux_corporate_server 3.0
avaya cvlan *
sgi propack 3.0
conectiva linux 9.0
avaya mn100 *
avaya intuity_audix_lx *
apple mac_os_x_server 10.3.4
avaya modular_messaging_message_storage_server 1.1
avaya interactive_response 1.3
apple mac_os_x_server 10.3.9
libtiff libtiff 3.5.7
apple mac_os_x 10.3.1
avaya modular_messaging_message_storage_server 2.0
f5 icontrol_service_manager 1.3
mandrakesoft mandrake_linux 10.1
sun solaris 9.0
libtiff libtiff 3.4
avaya call_management_system_server 12.0
apple mac_os_x 10.3.6
libtiff libtiff 3.5.3
apple mac_os_x 10.3.4
sun solaris 7.0
libtiff libtiff 3.5.2
apple mac_os_x_server 10.3.2
apple mac_os_x_server 10.3
apple mac_os_x_server 10.3.5
sun solaris 10.0
sun solaris 8.0
apple mac_os_x_server 10.3.3
avaya call_management_system_server 9.0
apple mac_os_x_server 10.3.8
f5 icontrol_service_manager 1.3.6
apple mac_os_x 10.3.2
CVE-2004-1336 LOW

The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian tetex-bin 2.0.2
gentoo linux *
CVE-2004-1452 HIGH

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux 0.5
gentoo linux 0.7
gentoo linux 1.4
gentoo linux 1.2
gentoo linux 1.1a
CVE-2004-1471 HIGH

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 2.2.4
freebsd freebsd 2.2
freebsd freebsd 4.4
cvs cvs 1.11.1_p1
freebsd freebsd 2.2.5
freebsd freebsd 3.2
freebsd freebsd 4.7
cvs cvs 1.12.2
freebsd freebsd 3.3
cvs cvs 1.12.5
freebsd freebsd 5.0
cvs cvs 1.11.6
freebsd freebsd 2.1.0
freebsd freebsd 4.1
cvs cvs 1.11.16
gentoo linux 1.4
freebsd freebsd 3.5
freebsd freebsd 4.6
freebsd freebsd 5.1
cvs cvs 1.11.4
freebsd freebsd 4.8
cvs cvs 1.10.7
freebsd freebsd 2.0.5
freebsd freebsd 2.2.2
freebsd freebsd 2.2.3
cvs cvs 1.11.14
freebsd freebsd 1.1.5.1
openbsd openbsd 3.5
openpkg openpkg 1.3
freebsd freebsd 2.0
freebsd freebsd 2.1.6.1
freebsd freebsd 2.2.6
freebsd freebsd 4.5
cvs cvs 1.12.8
freebsd freebsd 3.5.1
freebsd freebsd 4.3
cvs cvs 1.11.3
freebsd freebsd 3.4
cvs cvs 1.12.1
openpkg openpkg current
freebsd freebsd 2.1.5
freebsd freebsd 5.2
sgi propack 3.0
cvs cvs 1.10.8
freebsd freebsd 4.6.2
cvs cvs 1.11.1
freebsd freebsd 5.2.1
freebsd freebsd 3.1
cvs cvs 1.11.15
cvs cvs 1.12.7
cvs cvs 1.11
cvs cvs 1.11.2
freebsd freebsd 2.1.6
openbsd openbsd current
freebsd freebsd 2.1.7.1
freebsd freebsd 4.9
freebsd freebsd 4.10
freebsd freebsd 2.2.8
freebsd freebsd 4.0
freebsd freebsd 4.1.1
sgi propack 2.4
cvs cvs 1.11.11
freebsd freebsd 3.0
cvs cvs 1.11.10
openpkg openpkg 2.0
cvs cvs 1.11.5
openbsd openbsd 3.4
CVE-2004-1491 MEDIUM

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse suse_linux 4.2
suse suse_linux 7.1
suse suse_linux 7.2
suse suse_linux 8.2
kde kde 3.2.3
suse suse_linux 4.4.1
suse suse_linux 4.0
suse suse_linux 5.1
suse suse_linux 4.3
suse suse_linux 7.3
suse suse_linux 7.0
suse suse_linux 6.0
suse suse_linux 8.1
suse suse_linux 2.0
opera opera_browser *
gentoo linux *
suse suse_linux 9.1
suse suse_linux 4.4
suse suse_linux 3.0
suse suse_linux 5.0
suse suse_linux 5.3
suse suse_linux 9.0
suse suse_linux 1.0
suse suse_linux 6.3
suse suse_linux 5.2
suse suse_linux 6.4
suse suse_linux 8.0
suse suse_linux 6.2
suse suse_linux 6.1
suse suse_linux 9.2
CVE-2004-1737 HIGH

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
the_cacti_group cacti 0.8.3a
the_cacti_group cacti 0.6.3
the_cacti_group cacti 0.8.1
gentoo linux 1.4
the_cacti_group cacti 0.8
the_cacti_group cacti 0.8.3
the_cacti_group cacti 0.8.5
the_cacti_group cacti 0.6.2
the_cacti_group cacti 0.6.8
the_cacti_group cacti 0.6.4
the_cacti_group cacti 0.6.5
the_cacti_group cacti 0.6.7
the_cacti_group cacti 0.8.5a
the_cacti_group cacti 0.6.8a
the_cacti_group cacti 0.6.6
the_cacti_group cacti 0.8.2a
the_cacti_group cacti 0.8.4
the_cacti_group cacti 0.6.1
the_cacti_group cacti 0.6
the_cacti_group cacti 0.8.2
CVE-2004-1901 MEDIUM

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
gentoo portage *
gentoo portage 2.0.50
gentoo linux 1.4
CVE-2004-1983 LOW

The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
the_pax_team pax_linux 2.6.5
gentoo linux 1.4
CVE-2004-2778 LOW

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gentoo portage *
CVE-2005-0002 HIGH

poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo poppassd_pam *
CVE-2005-0005 HIGH

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
imagemagick imagemagick 6.2.0.7
imagemagick imagemagick 6.1.3
suse suse_linux 8.2
imagemagick imagemagick 6.0.7
imagemagick imagemagick 6.2.0.4
imagemagick imagemagick 6.1.1.6
sgi propack 3.0
imagemagick imagemagick 5.4.3
imagemagick imagemagick 6.0.2
imagemagick imagemagick 6.1
debian debian_linux 3.0
graphicsmagick graphicsmagick 1.1.4
gentoo linux 0.7
imagemagick imagemagick 6.0.4
imagemagick imagemagick 6.1.6
suse suse_linux 8.1
imagemagick imagemagick 6.1.2
graphicsmagick graphicsmagick 1.1.3
suse suse_linux 9.1
gentoo linux 1.1a
gentoo linux 1.4
imagemagick imagemagick 6.1.5
graphicsmagick graphicsmagick 1.0.6
imagemagick imagemagick 6.0
imagemagick imagemagick 6.0.2.5
imagemagick imagemagick 5.3.3
suse suse_linux 9.0
imagemagick imagemagick 6.0.5
imagemagick imagemagick 6.1.7
gentoo linux 0.5
imagemagick imagemagick 6.0.3
suse suse_linux 8.0
imagemagick imagemagick 6.0.6
imagemagick imagemagick 6.0.1
imagemagick imagemagick 6.1.4
gentoo linux 1.2
graphicsmagick graphicsmagick 1.1
imagemagick imagemagick 5.4.7
graphicsmagick graphicsmagick 1.0
suse suse_linux 9.2
imagemagick imagemagick 6.0.8
imagemagick imagemagick 6.2
CVE-2005-0077 LOW

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
redhat enterprise_linux_desktop 4.0
ubuntu ubuntu_linux 4.10
gentoo linux *
redhat enterprise_linux 4.0
CVE-2005-0206 HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
suse suse_linux 7.1
kde kde 3.2.3
kde kpdf 3.2
suse suse_linux 4.0
easy_software_products cups 1.1.6
easy_software_products cups 1.1.20
xpdf xpdf 0.93
suse suse_linux 4.3
easy_software_products cups 1.1.1
pdftohtml pdftohtml 0.33a
gnome gpdf 0.131
suse suse_linux 6.0
kde kde 3.2
redhat enterprise_linux 3.0
pdftohtml pdftohtml 0.32a
pdftohtml pdftohtml 0.33
gnome gpdf 0.110
suse suse_linux 3.0
suse suse_linux 5.3
redhat enterprise_linux_desktop 3.0
pdftohtml pdftohtml 0.34
easy_software_products cups 1.1.15
suse suse_linux 1.0
easy_software_products cups 1.0.4_8
suse suse_linux 8.0
suse suse_linux 6.1
suse suse_linux 9.2
easy_software_products cups 1.1.4_2
mandrakesoft mandrake_linux_corporate_server 3.0
sgi propack 3.0
suse suse_linux 7.3
redhat fedora_core core_1.0
suse suse_linux 7.0
debian debian_linux 3.0
redhat enterprise_linux 2.1
kde koffice 1.3_beta2
easy_software_products cups 1.1.7
easy_software_products cups 1.1.14
pdftohtml pdftohtml 0.32b
kde koffice 1.3_beta1
kde koffice 1.3
ascii ptex 3.1.4
xpdf xpdf 0.90
suse suse_linux 6.3
redhat fedora_core core_3.0
easy_software_products cups 1.1.16
kde koffice 1.3.3
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.4
xpdf xpdf 1.1
easy_software_products cups 1.1.17
redhat linux_advanced_workstation 2.1
kde kde 3.3.1
suse suse_linux 7.2
xpdf xpdf 0.91
easy_software_products cups 1.1.4_5
suse suse_linux 5.1
gnome gpdf 0.112
xpdf xpdf 0.92
kde koffice 1.3.1
tetex tetex 2.0.1
gentoo linux *
sgi advanced_linux_environment 3.0
suse suse_linux 4.4
xpdf xpdf 2.1
tetex tetex 2.0
tetex tetex 1.0.6
xpdf xpdf 2.3
cstex cstetex 2.0.2
suse suse_linux 9.0
suse suse_linux 5.2
suse suse_linux 6.4
easy_software_products cups 1.0.4
easy_software_products cups 1.1.19
easy_software_products cups 1.1.18
suse suse_linux 6.2
kde kde 3.2.2
pdftohtml pdftohtml 0.35
kde kde 3.2.1
tetex tetex 2.0.2
suse suse_linux 4.2
suse suse_linux 8.2
suse suse_linux 4.4.1
xpdf xpdf 2.0
kde koffice 1.3.2
ubuntu ubuntu_linux 4.1
suse suse_linux 8.1
suse suse_linux 2.0
tetex tetex 1.0.7
redhat fedora_core core_2.0
suse suse_linux 9.1
xpdf xpdf 3.0
easy_software_products cups 1.1.4_3
kde kde 3.3
kde koffice 1.3_beta3
suse suse_linux 5.0
xpdf xpdf 1.0
pdftohtml pdftohtml 0.36
xpdf xpdf 1.0a
easy_software_products cups 1.1.13
redhat linux 9.0
CVE-2005-0427 MEDIUM

The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo webmin 1.160
gentoo webmin 1.140
gentoo webmin 1.170
gentoo webmin 1.150
CVE-2005-0470 MEDIUM

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
wpa_supplicant wpa_supplicant 0.2
wpa_supplicant wpa_supplicant 0.2.1
wpa_supplicant wpa_supplicant 0.2.4
wpa_supplicant wpa_supplicant 0.2.5
wpa_supplicant wpa_supplicant 0.2.6
wpa_supplicant wpa_supplicant 0.2.3
gentoo linux *
suse suse_linux 9.2
wpa_supplicant wpa_supplicant 0.2.2
CVE-2005-0535 HIGH

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mediawiki mediawiki 1.3
mediawiki mediawiki 1.3.7
mediawiki mediawiki 1.3.2
mediawiki mediawiki 1.3.4
mediawiki mediawiki 1.3.1
mediawiki mediawiki 1.3.10
mediawiki mediawiki 1.3.3
mediawiki mediawiki 1.3.5
mediawiki mediawiki 1.3.6
gentoo linux *
mediawiki mediawiki 1.3.8
mediawiki mediawiki 1.3.9
CVE-2005-0667 MEDIUM

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sylpheed sylpheed 0.9.9
sylpheed sylpheed 1.0.1
redhat linux_advanced_workstation 2.1
sylpheed sylpheed 0.9.6
sylpheed sylpheed 1.0.0
sylpheed sylpheed 1.0.2
sylpheed sylpheed 0.9.8
sylpheed sylpheed 0.9.10
sylpheed sylpheed 0.9.11
redhat fedora_core core_3.0
altlinux alt_linux 2.3
sylpheed sylpheed 0.9.5
sylpheed sylpheed 0.9.4
sylpheed sylpheed 0.9.7
redhat enterprise_linux 2.1
sylpheed-claws sylpheed-claws 1.0.2
sylpheed sylpheed 0.8.11
sylpheed sylpheed 0.9.12
sylpheed sylpheed 0.9.99
gentoo linux *
CVE-2005-0754 HIGH

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.3
kde kde 3.3.1
kde kde 3.2.3
conectiva linux 10.0
conectiva linux 9.0
redhat fedora_core core_3.0
kde kde 3.3.2
ubuntu ubuntu_linux 4.1
kde kde 3.2.2
kde kde 3.2
kde quanta 3.1
kde kde 3.2.1
gentoo linux *
kde kde 3.4
ubuntu ubuntu_linux 5.04
CVE-2005-0988 LOW

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_server 8.0
turbolinux turbolinux_home *
freebsd freebsd 4.4
freebsd freebsd 5.3
turbolinux turbolinux_workstation 7.0
gnu gzip 1.2.4a
freebsd freebsd 5.2
freebsd freebsd 4.7
freebsd freebsd 4.6.2
redhat enterprise_linux 2.1
freebsd freebsd 5.4
gnu gzip 1.2.4
ubuntu ubuntu_linux 4.1
freebsd freebsd 5.0
freebsd freebsd 5.2.1
turbolinux turbolinux_desktop 10.0
trustix secure_linux 2.1
redhat enterprise_linux 3.0
gentoo linux *
turbolinux turbolinux_server 7.0
freebsd freebsd 4.1
gnu gzip 1.3.3
redhat enterprise_linux_desktop 4.0
freebsd freebsd 4.6
freebsd freebsd 5.1
redhat enterprise_linux_desktop 3.0
freebsd freebsd 4.8
freebsd freebsd 4.9
freebsd freebsd 4.10
trustix secure_linux 2.0
freebsd freebsd 4.11
redhat enterprise_linux 4.0
freebsd freebsd 4.0
trustix secure_linux 2.2
freebsd freebsd 4.1.1
turbolinux turbolinux_appliance_server 1.0_hosting
turbolinux turbolinux_server 10.0
freebsd freebsd 4.5
freebsd freebsd 4.3
turbolinux turbolinux_workstation 8.0
ubuntu ubuntu_linux 5.04
turbolinux turbolinux_appliance_server 1.0_workgroup
CVE-2005-1121 MEDIUM

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
igor_khasilev oops_proxy_server 1.4.22
gentoo linux *
igor_khasilev oops_proxy_server 1.5.19
igor_khasilev oops_proxy_server 1.5.53
CVE-2005-1267 MEDIUM

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lbl tcpdump 3.8.2
lbl tcpdump 3.4
lbl tcpdump 3.7.2
lbl tcpdump 3.7.1
mandrakesoft mandrake_linux 10.2
lbl tcpdump 3.8.1
trustix secure_linux 2.0
lbl tcpdump 3.8.3
redhat fedora_core core_3.0
lbl tcpdump 3.5_alpha
trustix secure_linux 2.2
lbl tcpdump 3.9.1
lbl tcpdump 3.6.3
lbl tcpdump 3.9
lbl tcpdump 3.7
lbl tcpdump 3.5
lbl tcpdump 3.5.2
trustix secure_linux 2.1
redhat fedora_core core_4.0
lbl tcpdump 3.4a6
gentoo linux *
lbl tcpdump 3.6.2
mandrakesoft mandrake_linux 10.1
CVE-2005-1270 LOW

The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo rootkit_hunter 1.2
gentoo rootkit_hunter 1.2.2
gentoo rootkit_hunter 1.2.3
gentoo rootkit_hunter 1.2.1
CVE-2005-1707 MEDIUM

The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux_webapp-config 1.10
CVE-2005-2557 MEDIUM

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mantis mantis 0.19.1
mantis mantis 0.19.0a2
mantis mantis 1.0.0a3
debian debian_linux 3.1
mantis mantis 1.0.0a1
mantis mantis 0.19.0_rc1
mantis mantis 1.0.0a2
gentoo linux *
mantis mantis 0.19.2
mantis mantis 0.19.0a1
mantis mantis 0.19.0
CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 2006
ubuntu ubuntu_linux 5.10
easy_software_products cups 1.1.23
kde kpdf 3.2
suse suse_linux 9.3
turbolinux turbolinux_personal *
easy_software_products cups 1.1.22_rc1
kde koffice 1.4
turbolinux turbolinux_multimedia *
kde kdegraphics 3.4.3
tetex tetex 2.0.1
kde kdegraphics 3.2
redhat enterprise_linux 3.0
slackware slackware_linux 9.1
tetex tetex 3.0
gentoo linux *
turbolinux turbolinux_appliance_server 1.0_hosting_edition
tetex tetex 2.0
libextractor libextractor *
mandrakesoft mandrake_linux 10.2
debian debian_linux 3.1
redhat enterprise_linux_desktop 3.0
slackware slackware_linux 9.0
conectiva linux 10.0
suse suse_linux 9.0
kde kpdf 3.4.3
suse suse_linux 1.0
trustix secure_linux 2.0
redhat enterprise_linux 4.0
trustix secure_linux 2.2
turbolinux turbolinux_workstation 8.0
redhat fedora_core core_4.0
redhat linux 7.3
easy_software_products cups 1.1.22
suse suse_linux 9.2
tetex tetex 2.0.2
easy_software_products cups 1.1.23_rc1
turbolinux turbolinux_server 8.0
turbolinux turbolinux_home *
kde kword 1.4.2
mandrakesoft mandrake_linux_corporate_server 3.0
sgi propack 3.0
redhat fedora_core core_1.0
sco openserver 5.0.7
slackware slackware_linux 10.0
slackware slackware_linux 10.1
debian debian_linux 3.0
redhat enterprise_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
kde koffice 1.4.1
ubuntu ubuntu_linux 4.1
sco openserver 6.0
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux fuji
tetex tetex 1.0.7
redhat fedora_core core_2.0
kde koffice 1.4.2
turbolinux turbolinux 10
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
xpdf xpdf 3.0
trustix secure_linux 3.0
redhat enterprise_linux_desktop 4.0
poppler poppler 0.4.2
slackware slackware_linux 10.2
redhat fedora_core core_3.0
mandrakesoft mandrake_linux_corporate_server 2.1
redhat linux 9.0
turbolinux turbolinux_server 10.0
turbolinux turbolinux_server 10.0_x86
suse suse_linux 10.0
ubuntu ubuntu_linux 5.04
CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 2006
ubuntu ubuntu_linux 5.10
easy_software_products cups 1.1.23
kde kpdf 3.2
suse suse_linux 9.3
turbolinux turbolinux_personal *
easy_software_products cups 1.1.22_rc1
kde koffice 1.4
turbolinux turbolinux_multimedia *
kde kdegraphics 3.4.3
tetex tetex 2.0.1
kde kdegraphics 3.2
redhat enterprise_linux 3.0
slackware slackware_linux 9.1
tetex tetex 3.0
gentoo linux *
turbolinux turbolinux_appliance_server 1.0_hosting_edition
tetex tetex 2.0
libextractor libextractor *
mandrakesoft mandrake_linux 10.2
debian debian_linux 3.1
redhat enterprise_linux_desktop 3.0
slackware slackware_linux 9.0
conectiva linux 10.0
suse suse_linux 9.0
kde kpdf 3.4.3
suse suse_linux 1.0
trustix secure_linux 2.0
redhat enterprise_linux 4.0
trustix secure_linux 2.2
turbolinux turbolinux_workstation 8.0
redhat fedora_core core_4.0
redhat linux 7.3
easy_software_products cups 1.1.22
suse suse_linux 9.2
tetex tetex 2.0.2
easy_software_products cups 1.1.23_rc1
turbolinux turbolinux_server 8.0
turbolinux turbolinux_home *
kde kword 1.4.2
mandrakesoft mandrake_linux_corporate_server 3.0
sgi propack 3.0
redhat fedora_core core_1.0
sco openserver 5.0.7
slackware slackware_linux 10.0
slackware slackware_linux 10.1
debian debian_linux 3.0
redhat enterprise_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
kde koffice 1.4.1
ubuntu ubuntu_linux 4.1
sco openserver 6.0
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux fuji
tetex tetex 1.0.7
redhat fedora_core core_2.0
kde koffice 1.4.2
turbolinux turbolinux 10
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
xpdf xpdf 3.0
trustix secure_linux 3.0
redhat enterprise_linux_desktop 4.0
poppler poppler 0.4.2
slackware slackware_linux 10.2
redhat fedora_core core_3.0
mandrakesoft mandrake_linux_corporate_server 2.1
redhat linux 9.0
turbolinux turbolinux_server 10.0
turbolinux turbolinux_server 10.0_x86
suse suse_linux 10.0
ubuntu ubuntu_linux 5.04
CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 2006
ubuntu ubuntu_linux 5.10
easy_software_products cups 1.1.23
kde kpdf 3.2
suse suse_linux 9.3
turbolinux turbolinux_personal *
easy_software_products cups 1.1.22_rc1
kde koffice 1.4
turbolinux turbolinux_multimedia *
kde kdegraphics 3.4.3
tetex tetex 2.0.1
kde kdegraphics 3.2
redhat enterprise_linux 3.0
slackware slackware_linux 9.1
tetex tetex 3.0
gentoo linux *
turbolinux turbolinux_appliance_server 1.0_hosting_edition
tetex tetex 2.0
libextractor libextractor *
mandrakesoft mandrake_linux 10.2
debian debian_linux 3.1
redhat enterprise_linux_desktop 3.0
slackware slackware_linux 9.0
conectiva linux 10.0
suse suse_linux 9.0
kde kpdf 3.4.3
suse suse_linux 1.0
trustix secure_linux 2.0
redhat enterprise_linux 4.0
trustix secure_linux 2.2
turbolinux turbolinux_workstation 8.0
redhat fedora_core core_4.0
redhat linux 7.3
easy_software_products cups 1.1.22
suse suse_linux 9.2
tetex tetex 2.0.2
easy_software_products cups 1.1.23_rc1
turbolinux turbolinux_server 8.0
turbolinux turbolinux_home *
kde kword 1.4.2
mandrakesoft mandrake_linux_corporate_server 3.0
sgi propack 3.0
redhat fedora_core core_1.0
sco openserver 5.0.7
slackware slackware_linux 10.0
slackware slackware_linux 10.1
debian debian_linux 3.0
redhat enterprise_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
kde koffice 1.4.1
ubuntu ubuntu_linux 4.1
sco openserver 6.0
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux fuji
tetex tetex 1.0.7
redhat fedora_core core_2.0
kde koffice 1.4.2
turbolinux turbolinux 10
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
xpdf xpdf 3.0
trustix secure_linux 3.0
redhat enterprise_linux_desktop 4.0
poppler poppler 0.4.2
slackware slackware_linux 10.2
redhat fedora_core core_3.0
mandrakesoft mandrake_linux_corporate_server 2.1
redhat linux 9.0
turbolinux turbolinux_server 10.0
turbolinux turbolinux_server 10.0_x86
suse suse_linux 10.0
ubuntu ubuntu_linux 5.04
CVE-2005-3785 MEDIUM

Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux_eix *
CVE-2005-4279 HIGH

Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo qt-unixodbc *
CVE-2005-4595 HIGH

Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo nview 4.51
gentoo xnview 1.70
CVE-2006-0071 MEDIUM

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux *
gentoo app-crypt_pinentry 0.7.2
CVE-2006-1390 MEDIUM

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo linux 0.5
gentoo linux 0.7
gentoo linux 1.4
gentoo linux 1.2
gentoo linux 1.1a
CVE-2006-3005 MEDIUM

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gentoo media-libs_jpeg 6b
gentoo linux *
CVE-2007-3508 HIGH

Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gentoo glibc *
CVE-2008-0386 MEDIUM

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gentoo xdg-utils *
CVE-2008-1078 HIGH

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gentoo linux *
rpath rpath_linux *
CVE-2008-4579 LOW

The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gentoo fence 2.02.00
gentoo cman 2.02.00
CVE-2008-4580 HIGH

fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gentoo fence 2.02.00
gentoo cman 2.02.00
CVE-2011-1098 LOW

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gentoo logrotate 3.3
gentoo logrotate 3.6.5
gentoo logrotate 3.7.7
gentoo logrotate 3.7
gentoo logrotate 3.7.2
gentoo logrotate 3.7.6
gentoo logrotate 3.5.9
gentoo logrotate 3.7.1
gentoo logrotate 3.7.8
gentoo logrotate *
CVE-2011-1154 MEDIUM

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gentoo logrotate 3.3
gentoo logrotate 3.6.5
gentoo logrotate 3.7.7
gentoo logrotate 3.7
gentoo logrotate 3.7.2
gentoo logrotate 3.7.6
gentoo logrotate 3.5.9
gentoo logrotate 3.7.1
gentoo logrotate 3.7.8
gentoo logrotate *
CVE-2011-1155 LOW

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gentoo logrotate 3.3
gentoo logrotate 3.6.5
gentoo logrotate 3.7.7
gentoo logrotate 3.7
gentoo logrotate 3.7.2
gentoo logrotate 3.7.6
gentoo logrotate 3.5.9
gentoo logrotate 3.7.1
gentoo logrotate 3.7.8
gentoo logrotate *
CVE-2011-1548 MEDIUM

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gentoo logrotate *
CVE-2011-1549 MEDIUM

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gentoo logrotate *
CVE-2011-1550 MEDIUM

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gentoo logrotate *
CVE-2013-0348 LOW

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
opensuse opensuse 12.3
open_source_development_team sthttpd *
open_source_development_team sthttpd 2.26.3
opensuse opensuse 13.1
opensuse opensuse 12.2
fedoraproject fedora 17
open_source_development_team sthttpd 2.26
open_source_development_team sthttpd 2.26.1
open_source_development_team sthttpd 2.26.2
acme thttpd 2.25
fedoraproject fedora 18
gentoo linux *
CVE-2013-2031 MEDIUM

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mediawiki mediawiki 1.13.3
mediawiki mediawiki 1.20.1
mediawiki mediawiki 1.11.0
mediawiki mediawiki 1.11.2
mediawiki mediawiki 1.12.1
mediawiki mediawiki 1.1.0
mediawiki mediawiki 1.19
mediawiki mediawiki 1.15.4
gentoo linux *
mediawiki mediawiki 1.18.1
mediawiki mediawiki 1.15.1
mediawiki mediawiki 1.16.1
mediawiki mediawiki 1.19.3
mediawiki mediawiki 1.19.4
mediawiki mediawiki 1.17.2
mediawiki mediawiki 1.15.3
mediawiki mediawiki 1.10.1
mediawiki mediawiki 1.18
mediawiki mediawiki 1.10.4
mediawiki mediawiki 1.19.2
mediawiki mediawiki 1.20.2
mediawiki mediawiki 1.12.2
mediawiki mediawiki 1.16.2
mediawiki mediawiki 1.10.2
mediawiki mediawiki 1.10.0
mediawiki mediawiki 1.15.2
mediawiki mediawiki 1.14.0
mediawiki mediawiki *
mediawiki mediawiki 1.18.3
mediawiki mediawiki 1.17.3
mediawiki mediawiki 1.15.0
mediawiki mediawiki 1.19.1
mediawiki mediawiki 1.18.0
mediawiki mediawiki 1.20.4
mediawiki mediawiki 1.13.0
mediawiki mediawiki 1.18.2
mediawiki mediawiki 1.17.1
mediawiki mediawiki 1.16.0
mediawiki mediawiki 1.20.3
mediawiki mediawiki 1.10.3
mediawiki mediawiki 1.17.0
mediawiki mediawiki 1.19.0
mediawiki mediawiki 1.17.4
mediawiki mediawiki 1.11
mediawiki mediawiki 1.13.4
mediawiki mediawiki 1.17
mediawiki mediawiki 1.15.5
mediawiki mediawiki 1.13.2
mediawiki mediawiki 1.12.3
mediawiki mediawiki 1.11.1
mediawiki mediawiki 1.14.1
mediawiki mediawiki 1.12.0
mediawiki mediawiki 1.12.4
mediawiki mediawiki 1.13.1
CVE-2013-2032 MEDIUM

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
mediawiki mediawiki 1.13.3
mediawiki mediawiki 1.20.1
mediawiki mediawiki 1.11.0
mediawiki mediawiki 1.11.2
mediawiki mediawiki 1.12.1
fedoraproject fedora 18
mediawiki mediawiki 1.1.0
mediawiki mediawiki 1.19
mediawiki mediawiki 1.15.4
gentoo linux *
mediawiki mediawiki 1.18.1
mediawiki mediawiki 1.15.1
mediawiki mediawiki 1.16.1
mediawiki mediawiki 1.19.3
mediawiki mediawiki 1.19.4
mediawiki mediawiki 1.17.2
mediawiki mediawiki 1.15.3
mediawiki mediawiki 1.10.1
mediawiki mediawiki 1.18
mediawiki mediawiki 1.10.4
mediawiki mediawiki 1.19.2
mediawiki mediawiki 1.20.2
mediawiki mediawiki 1.12.2
mediawiki mediawiki 1.16.2
mediawiki mediawiki 1.10.2
mediawiki mediawiki 1.10.0
mediawiki mediawiki 1.15.2
mediawiki mediawiki 1.14.0
mediawiki mediawiki *
mediawiki mediawiki 1.18.3
mediawiki mediawiki 1.17.3
mediawiki mediawiki 1.15.0
mediawiki mediawiki 1.19.1
mediawiki mediawiki 1.18.0
mediawiki mediawiki 1.20.4
mediawiki mediawiki 1.13.0
mediawiki mediawiki 1.18.2
mediawiki mediawiki 1.17.1
mediawiki mediawiki 1.16.0
mediawiki mediawiki 1.20.3
mediawiki mediawiki 1.10.3
mediawiki mediawiki 1.17.0
mediawiki mediawiki 1.19.0
mediawiki mediawiki 1.17.4
mediawiki mediawiki 1.11
mediawiki mediawiki 1.13.4
mediawiki mediawiki 1.17
mediawiki mediawiki 1.15.5
fedoraproject fedora 17
mediawiki mediawiki 1.13.2
fedoraproject fedora 19
mediawiki mediawiki 1.12.3
mediawiki mediawiki 1.11.1
mediawiki mediawiki 1.14.1
mediawiki mediawiki 1.12.0
mediawiki mediawiki 1.12.4
mediawiki mediawiki 1.13.1
CVE-2013-2100 HIGH

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gentoo portage 2.1.12
CVE-2013-4223 MEDIUM

The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gentoo nullmailer 1.11
CVE-2014-4909 MEDIUM

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
transmissionbt transmission 2.33
transmissionbt transmission 1.72
transmissionbt transmission 1.92
transmissionbt transmission 1.42
transmissionbt transmission 1.30
transmissionbt transmission 0.95
transmissionbt transmission 1.90
transmissionbt transmission *
transmissionbt transmission 1.54
transmissionbt transmission 1.53
transmissionbt transmission 2.10
fedoraproject fedora 20
transmissionbt transmission 2.12
transmissionbt transmission 2.32
transmissionbt transmission 1.51
transmissionbt transmission 2.11
transmissionbt transmission 1.10
transmissionbt transmission 1.93
transmissionbt transmission 2.21
transmissionbt transmission 1.75
transmissionbt transmission 2.76
transmissionbt transmission 1.00
transmissionbt transmission 0.94
transmissionbt transmission 1.80
transmissionbt transmission 2.82
transmissionbt transmission 0.4
transmissionbt transmission 1.11
transmissionbt transmission 2.80
transmissionbt transmission 1.2
transmissionbt transmission 2.61
transmissionbt transmission 2.50
transmissionbt transmission 1.34
transmissionbt transmission 2.75
transmissionbt transmission 1.20
transmissionbt transmission 0.1
transmissionbt transmission 1.52
transmissionbt transmission 1.82
transmissionbt transmission 2.42
transmissionbt transmission 0.6.1
transmissionbt transmission 2.70
transmissionbt transmission 0.96
transmissionbt transmission 1.61
transmissionbt transmission 1.81
transmissionbt transmission 0.80
transmissionbt transmission 1.50
transmissionbt transmission 2.60
transmissionbt transmission 2.31
transmissionbt transmission 2.72
transmissionbt transmission 1.83
transmissionbt transmission 1.03
transmissionbt transmission 2.00
transmissionbt transmission 2.13
transmissionbt transmission 2.03
transmissionbt transmission 0.81
transmissionbt transmission 0.3
transmissionbt transmission 0.90
transmissionbt transmission 2.71
transmissionbt transmission 1.01
transmissionbt transmission 2.04
gentoo linux *
transmissionbt transmission 0.93
transmissionbt transmission 1.70
transmissionbt transmission 2.52
transmissionbt transmission 1.40
transmissionbt transmission 1.05
transmissionbt transmission 2.81
transmissionbt transmission 2.51
transmissionbt transmission 2.01
transmissionbt transmission 2.22
transmissionbt transmission 2.77
transmissionbt transmission 0.92
transmissionbt transmission 1.91
transmissionbt transmission 1.02
transmissionbt transmission 1.04
transmissionbt transmission 0.71
transmissionbt transmission 1.74
transmissionbt transmission 2.41
transmissionbt transmission 2.73
transmissionbt transmission 1.22
transmissionbt transmission 2.30
transmissionbt transmission 1.71
canonical ubuntu_linux 14.04
transmissionbt transmission 1.06
transmissionbt transmission 1.73
transmissionbt transmission 1.33
transmissionbt transmission 0.82
transmissionbt transmission 0.91
transmissionbt transmission 1.21
transmissionbt transmission 1.31
canonical ubuntu_linux 13.10
transmissionbt transmission 2.20
transmissionbt transmission 0.72
transmissionbt transmission 1.60
transmissionbt transmission 0.6
transmissionbt transmission 1.77
transmissionbt transmission 2.74
canonical ubuntu_linux 12.04
transmissionbt transmission 1.32
transmissionbt transmission 1.76
transmissionbt transmission 0.70
transmissionbt transmission 0.2
transmissionbt transmission 2.02
transmissionbt transmission 2.40
transmissionbt transmission 0.5
transmissionbt transmission 1.41
CVE-2014-9622 MEDIUM

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
gentoo xdg-utils 1.1.0
CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gentoo portage *
CVE-2017-14483 MEDIUM

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gentoo dev-python-flower *
CVE-2017-14484 MEDIUM

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
gentoo sci-mathematics-gimps 28.10
CVE-2019-20384 LOW

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gentoo portage *
CVE-2020-36770

pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gentoo ebuild_for_slurm *
CVE-2023-26033

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed it's content. On the database, only public data is stored, so there is no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize to the value of `search_history` cookie after base64 decoding it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
gentoo soko *
CVE-2023-28424

Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gentoo soko *
CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
ssh ssh *
ssh2_project ssh2 *
connectbot sshlib *
apple macos *
filezilla-project filezilla_client *
crates thrussh *
debian debian_linux 10.0
bitvise ssh_server *
panic transmit_5 *
netgate pfsense_plus *
redhat openshift_api_for_data_protection -
lancom-systems lcos_sx 5.20
apache sshd *
redhat openshift_developer_tools_and_services -
redhat single_sign-on 7.0
dropbear_ssh_project dropbear_ssh *
proftpd proftpd *
redhat openshift_pipelines -
redhat openshift_data_foundation 4.0
netgate pfsense_ce *
redhat jboss_enterprise_application_platform 7.0
netsarang xshell_7 *
panic nova *
microsoft powershell *
paramiko paramiko *
lancom-systems lcos *
apache sshj *
redhat enterprise_linux 8.0
redhat openstack_platform 16.2
asyncssh_project asyncssh *
libssh libssh *
redhat storage 3.0
lancom-systems lcos_sx 4.20
jadaptive maverick_synergy_java_ssh_api *
redhat advanced_cluster_security 4.0
redhat discovery -
libssh2 libssh2 *
golang crypto *
tera_term_project tera_term *
redhat enterprise_linux 9.0
tinyssh tinyssh *
net-ssh net-ssh 7.2.0
roumenpetrov pkixssh *
redhat openshift_gitops -
winscp winscp *
openbsd openssh *
redhat openshift_serverless -
fedoraproject fedora 38
redhat openstack_platform 16.1
redhat openshift_container_platform 4.0
crushftp crushftp *
oryx-embedded cyclone_ssh *
fedoraproject fedora 39
erlang erlang/otp *
redhat keycloak -
russh_project russh *
bitvise ssh_client *
lancom-systems lanconfig -
matez jsch *
redhat cert-manager_operator_for_red_hat_openshift -
redhat advanced_cluster_security 3.0
freebsd freebsd *
vandyke securecrt *
redhat openstack_platform 17.1
putty putty *
kitty_project kitty *
redhat ceph_storage 6.0
trilead ssh2 6401
lancom-systems lcos_lx -
gentoo security -
redhat openshift_dev_spaces -
lancom-systems lcos_fx -
sftpgo_project sftpgo *
redhat openshift_virtualization 4
thorntech sftp_gateway_firmware *
CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gentoo linux -
samba rsync 3.2.7
tritondatacenter smartos *
redhat enterprise_linux 10.0
archlinux arch_linux -
almalinux almalinux 10.0
nixos nixos *
novell suse_linux -
samba rsync 3.3.0
nixos nixos 24.11
CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat enterprise_linux_eus 9.6
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
redhat openshift_container_platform 4.15
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
almalinux almalinux 10.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat openshift_container_platform 4.17
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_server_aus 9.6
almalinux almalinux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.16
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4_ppc64le
redhat openshift_container_platform 4.12
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0_ppc64le
suse suse_linux -
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
redhat enterprise_linux_server_tus 8.6
archlinux arch_linux -
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6_ppc64le
nixos nixos *
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_arm_64 8.0_aarch64
almalinux almalinux 8.0
tritondatacenter smartos *
samba rsync *
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 8.4
redhat enterprise_linux_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 8.6
gentoo linux -
redhat openshift_container_platform 4.13
redhat enterprise_linux_for_arm_64 9.2_aarch64
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8_ppc64le
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le
redhat openshift 5.0
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat openshift_container_platform 4.14
redhat enterprise_linux_for_power_little_endian 8.8_ppc64le
CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 1.6 4.0

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
suse suse_linux -
archlinux arch_linux -
almalinux almalinux 10.0
redhat enterprise_linux 7.0
nixos nixos *
redhat enterprise_linux 6.0
gentoo linux -
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
almalinux almalinux 8.0
tritondatacenter smartos *
redhat enterprise_linux 10.0
samba rsync *
almalinux almalinux 9.0
CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 9.6
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux 9.0
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
suse suse_linux -
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
archlinux arch_linux -
almalinux almalinux 10.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
nixos nixos *
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_arm_64 8.0_aarch64
almalinux almalinux 8.0
tritondatacenter smartos *
samba rsync *
redhat enterprise_linux_server_aus 9.6
almalinux almalinux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
gentoo linux -
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 9.6
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux 9.0
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
archlinux arch_linux -
almalinux almalinux 10.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
nixos nixos *
redhat enterprise_linux 6.0
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat discovery 1.14
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat openshift_container_platform 4.0
almalinux almalinux 8.0
tritondatacenter smartos *
samba rsync *
redhat enterprise_linux_server_aus 9.6
almalinux almalinux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux 7.0
gentoo linux -
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux 8.0
redhat enterprise_linux 10.0
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
novell suse_linux -